Jump to content

BPlug Trojan Hides in Chrome Extensions and Spams Your Facebook Friends


Batu69

Recommended Posts

Trojan also hides your Facebook logout menu

bplug_trojan_hides_in_chrome_extensions_

 Users prompted to install malicious extension on Facebook look-alike site

 

Trojan.BPlug.1074 is the name of a recently discovered trojan that hides in Chrome extensions and will spam your Facebook friends with links to malicious websites.

BPlug was first seen a week ago, as part of a Google Chrome extension's JavaScript files. Once users install the Chrome extension in their browser, it would wait for the victim to visit Facebook.

Here, the trojan would retrieve the user's UID (user identifier) and their CSRF token. These details are then used to perform actions on Facebook on the user's behalf.

BPlug spams your friends via user groups and Facebook mentions

BPlug will hide some of the user's top-right menu options, preventing them from accessing the logout menu, but it will also create a randomly named group in the user's name.

In this group, the trojan will then share a link at various intervals and start mentioning random friend names from your contact list.

These friends will receive a notification, and in most cases, they will investigate the group post, sometimes clicking the link, if not recognizing it as a spam message.

Spam leads users to a Facebook clone

This link takes the users to a Facebook lookalike website that makes it seem like someone has shared a YouTube video with their friends. Clicking to view this video prompts the user to download a plugin. In the case of Google Chrome browsers, Dr.Web security researchers claim it is another Google Chrome plugin containing the same BPlug trojan, but also other malware.

A particularity of this link is that it only shows the fake YouTube video if the user is clicking it from inside the Facebook group. Accessing it directly or from another website shows a blank page.

Dr.Web researchers said that they detected over 12,000 users who installed this malicious plugin in their Chrome browser. Softpedia has reached out to Dr.Web in order for the company to disclose the extension's name so that users can avoid installing it in their browsers.

Article source

Link to comment
Share on other sites


  • Views 467
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...