Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to the news list

Facebook is attacked once again

April 29, 2016

At present, Facebook is considered to be one of the most popular social networks not only among ordinary Internet users but also among attackers. Doctor Web analytics found out that the Google Chrome plug-in able to send out spam messages has already affected more than 12,000 of Facebook users.

The malicious plug-in for Google Chrome is detected as Trojan.BPlug.1074. If the plug-in affects the browser, it determines the identifier of the user (UID) when they log on to Facebook and modifies the appearance of the website by removing the Privacy Shortcuts menu located at the upper-right side of the Facebook window, together with other drop-down menus of the social network’s interface. Then the Trojan obtains the user’s friend list.

After that, Trojan.BPlug.1074 creates a new group named randomly. Using the group ID, the victim’s profile photo and the address of the webpage retrieved from a configuration file, the Trojan generates a “share a link” post and publishes it on the wall in specified intervals. What is more, the Trojan adds all the victim’s friends on Facebook to the post so this message is published on their walls too.

screen #drweb

If the user follows the specified link, they are redirected to some webpage whose appearance is identical to the Facebook web design. Yet, if another website was used to follow this link, the user is redirected to a blank webpage.

screen #drweb

The webpage is named “Hello please watch my video” and contains an allegedly standard video player. If the victim uses Chrome, they are prompted to download and install a browser plug-in that is, in fact, another copy of Trojan.BPlug.1074.

screen #drweb

Trojan.BPlug.1074 can use this method to spread other plug-ins for Google Chrome.

Doctor Web security researchers registered more than 12,000 cases involving the Trojan.BPlug.1074 malicious plug-in being installed by Facebook users as of April 28, 2016. Dr.Web Anti-virus successfully detects and removes this Trojan. Yet, our specialists recommend you to pay careful attention when installing extensions for the browser even if they are offered by such a popular website as Facebook.

More about this Trojan

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments