Chrome Store hosts Facebook-hijack Flash

Google now in cat and mouse game with scammers

Malware makers have slipped a fake version of Adobe’s Flash onto Google’s Chrome Web Store to support a Facebook scam that generates fraudulent “Likes” that are sold to companies.

Google’s Chrome Web Store launched in 2010 to distribute apps, games and productivity tools; however, malware makers and legitimate organisations have been slower to use the platform than Google’s Android Market.

For example, the Commonwealth Bank of Australia this February launched its NetBank app on Chrome store, while its Android and iPhone apps have been available since at least 2011.

Researchers from antivirus firm Kaspersky this month discovered the malicious Flash app hosted on Google’s Chrome browser store. The fake app completes the circle in a scam aimed at controlling Facebook accounts, specifically its “Like” feature.

The launchpad for the fake Flash Player is a Facebook app called “Aprenda”. If Aprenda is installed, it redirects users to the Chrome Web Store, encouraging them to install the fake Flash extension.

“This last one caught our attention not because it asks the user to install a malicious extension, but because the malicious extension is hosted at the official Google's Chrome Web Store. If the user clicks on ‘install application’ he will be redirected to the official store. The malicious extension presents itself as ‘Adobe Flash Player’,” wrote Fabio Assolini.

"Be careful when using Facebook. And think twice before installing a Google Chrome extension," he adds.

Google has quickly removed the fake software, but Assolini noted “the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game.”

The malware operates in much the same way as other Facebook scams, such as by inviting friends to install it; however, the purpose of hijacking the accounts is to generate fraudulent "Likes", which are sold for about US$27 per 1,000.

The malware appears not to have hit Australians but has spread mildly across Portugal and Brazil and, to an extent, the US and Europe.

About 900 people had installed the fake Flash software, allowing the malware to then take over the victim’s Facebook profile, according to Assolini.


10 Comments

Sabrina

1

Maybe we will change it? Settings can be detected.

Gopal Das

2

Facebook scams or any other kinds, I think everybody should check Scam Detector, an app that Apple released recently. They have hundreds and hundreds of scams exposed, in several industries. For those interested, the app has an online presence as well: www.scam-detector.com

robert

3

The launchpad for the fake Flash Player is a Facebook app called “Aprenda”.

kalihto

4

Hope So!!

backyards

5

Do people residing in log cabins tend to have a lower amount of
wellness to the people living in proper homes?

Swimming Pool Installation

6

What's up, always i used to check web site posts here early in the morning, because i love to find out more and more.

peptic ulcer surgery recovery

7

Super post. Looking forth to the next one.
Provided that you continue to keep this quality. I
am convinced you will have a lot of visitors
in no time.
All the best, and definitely checking for your subsequent content.

Muscle factor X

9

I know this site presents quality depending articles and
other data, is there any other web page which provides such things in quality?
