Corporate Partners

Chrome Store hosts Facebook-highjack Flash

Google now in cat and mouse game with scammers

Malware makers have slipped a fake version of Adobe’s Flash on to its Chrome Web Store to support an Facebook scam that generates fraudulent “Likes” that are sold to companies.

Google Chrome Web Store launched in 2010 to distribute apps, games and productivity tools however malware makers and legitimate organisations have been slower to use the platform than Google’s Android Market.

For example, the Commonwealth Bank of Australia this February launched its NetBank app on Chrome store, while its Android and iPhone apps have been available since at least 2011.

Researchers from antivirus firm Kaspersky this month discovered the malicious Flash app hosted on Google’s Chrome browser store. The fake app completes the circle in a scam aimed at controlling Facebook accounts, specifically its “Like” feature.

The launchpad for the fake Flash Player is a Facebook app called “Aprenda”. If Aprenda is installed it redirects users to Chrome Web Store, encouraging them to install the fake Flash extension.

“This last one caught our attention not because it asks the user to install a malicious extension, but because the malicious extension is hosted at the official Google's Chrome Web Store. If the user clicks on ‘install application’ he will be redirected to the official store. The malicious extension presents itself as “Adobe Flash Player”, wrote Fabio Assolini.

"Be careful when using Facebook. And think twice before installing a Google Chrome extension," he adds.

Google has quickly removed the fake software but Assolini noted “the bad guys behind this malicious scheme are uploading new extensions regularly, in a cat and mouse game.”

The malware operates in much the same way as other Facebook scams, such as inviting friends to install it, however the purpose of the highjacking accounts is to generate fraudulent "Likes" which are sold for about US$27 per 1,000.

The malware appears not to have hit Australians but has spread mildly across Portugal and Brazil and to an extent the US and Europe.

About 900 people had installed the fake Flash software allowing the malware to then take over the victim’s Facebook profile, according to Assolini.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Register Today. 

Consumerisation is inevitable.. So how secure is your data?

Hear from Rob Livingstone, Michael Barnes, Steve Quane and Dave Asprey amongst others on the Evolution. Trends, Solutions and the Future of Cloud Security, limited seats register today through CSO.

Join the CSO newsletter!

Error: Please check your email address.

More about Adobe SystemsCommonwealth Bank of AustraliaFacebookGoogleKasperskyKasperskyNetBank

Market Place