New Browser Extension Trojan Hijacking Facebook Profiles

Facebook is so much popular as a social website that every now and then I come across some news of a new Trojan spreading on FB. I am sure you must have seen some posts by your friends on Facebook sharing some malicious link with some video on their wall someday and the next day claiming that it was some virus, do not click on them. So where do you think this virus came from? There can be many reasons for this malicious activity on facebook, and one such activity is described here.

Recently Microsoft warned all the Facebook users about a new browser extension Trojan that is spreading on Facebook and hijacking the profiles. This Trojan is called Trojan:JS/Febipos.A and was first discovered in Brazil but the rate at which it is spreading, we are sure it will include the other areas of the world soon.

The malware is a malicious browser extension mostly attacking Chrome and Firefox. When installed, it attempts to update itself using the following URLs:

Chrome browser:

du-pont.info/updates/<removed>/BL-chromebrasil.crx

Mozilla Firefox browser:

du-pont.info/updates/<removed>/BL-mozillabrasil.xpi

What this Trojan does is, it monitors the user activity to see when the user is logged into Facebook and when the user is logged in, it attempts to get a configuration file from the website <removed>.info/sqlvarbr.php. The file includes a list of commands of what the browser extension will do.

This extension/Trojan can be responsible for liking a page, share, post, join group, invite friends to group, launch chat to friends and comment on a post. In short this Trojan can do activities that you would not like to and that too without your consent.

Recent example of the activity of the Trojan. The configuration file contains a command to post the following message in Facebook:

GAROTA DE 15 ANOS VÍTIMA DE BULLYING COMETE SUICÍDIO APÓS MOSTRAR OS SEIOS NO FACEBOOK
Vìdeo no link abaixo:<Currently unavailable link>

It is written in Portuguese and here’s an English translation:

15 YEAR-OLD VICTIM OF BULLYING COMMITS SUICIDE AFTER SHOWING HER BREASTS ON FACEBOOK.
Video on the link below: <Currently unavailable link>

facebook-malware-page

Trojan can also like some malicious page and spread via the page (as shown in the screenshot). It may also post links on Facebook profiles. For example, the posted link from the Facebook page in the image above redirects to a website that sells cars.

As per MS, the simplest way to stay safe from this Trojan is to keep your security products up to date and always be little more cautious while installing an add-on for the browser [via].

Leave a Reply