A recent report revealed by security firm TrendMicro showed that cybercriminals are using Google Chrome extensions to steal Facebook credentials. To further collaborate with the report, the company Radware released new information about the scam in question.
The company explains that the scam is spread through links on Facebook that direct victims to download malicious extensions for Google Chrome. Thus, when clicking on the link, the user is taken to a fake page similar to the appearance of YouTube, but requires the download of the infected extension to be able to play the video.
- The 10 biggest social networks in 2022
- Emoticons on the keyboard
According to Radware, cybercriminals manage to circumvent the Chrome Web Store by publishing extensions that pretend to be real, but that have an extra code that is responsible for the scam. Infected extensions are able to perform the following actions:
- Steal passwords to access Facebook / Instagram;
- Post and send messages on Facebook / Instagram (which is used to attract new victims);
- Cryptocurrency mining, which generates profit for attackers;
- "Watch" videos on YouTube (invisibly) or subscribe the victim to channels without authorization;
- Redirect your browser to open specific pages.
The scam, according to what has been revealed, is based on the legitimate extension Nigelify and for that reason it was named "Nigelthorn".
Until then, extensions were removed from the Chrome Web Store. However, it is always good to pay attention before installing any extension in your browser.
