New Facebook Scam: Malicious Chrome Extension Spreads Video of Jessica Alba - How to, Technology and PC Security Forum | SensorsTechForum.com
CYBER NEWS

New Facebook Scam: Malicious Chrome Extension Spreads Video of Jessica Alba

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Facebook has long been a target for all kinds of scammers. The social network has often been leveraged in malware distribution campaigns. Cyren researchers just discovered a malicious Google Chrome extension that is spreading nude celebrity PDFs to Facebook groups. Apparently a user is uploading a PDF document to groups with the following name:

Jessice_Alba_Leaked-sextapeVide_oSun_Dec_4_2016_22_99.mp4.pdf

In fact this trick is one of the oldest phishing tricks, but there are still users who fall for the scam.


What Happens If Users Fall for the Scam?

Researchers say that opening the PDF leads to a nude picture with a ”Play“ button in the middle. If clicked, the picture opens up a Web browser for the video to be viewed. If the browser is Internet Explorer, Mozilla Firefox, or Safari, the potential victim will be taken to an aggressive advertising page that may contain nudity, fake lottery, etc:

If the user is running Google Chrome, the following link will be opened:

hxxps://rb-xxxxxx.xxx/gxxxxo.php

They will also be shown a fake YouTube website. Clicking the Play button will only open a pop-up window that invites the user to install the bad Google Chrome extension. Once the extension is installed, the browser will open a Facebook.com login page. The extension can read the user’s friend list, Facebook groups, and available personal information. It could also upload the PDF to groups, posts and to friends in private chat, researchers say.

The extension is able to read the user’s friend list, Facebook groups, plus all personal information and upload the PDF to groups, posts, and to friends in private chat.

Furthermore, the extension contains a list of antivirus and antispam domains to block. It will also prevent users from accessing the Chrome extensions settings page.


What Celebrity Names Are Used in the Scam?

Not surprisingly, the names of beautiful female celebrities were users: Jessica Alba, Jennifer Lawrence, Selena Gomez, Hilary Duff, Rihanna, Scarlett Johansson, Kim Kardashian, Kelly Brook, Doutzen Kroes and Nicki Minaj.

The only way to remove the extension is via deleting its registry key from the reg editor, as well as its folder in AppData.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...