Malware In Chrome Extensions Can Steal Facebook Info & More


The Chrome Web Store is the official outlet for Chrome extensions and the safest place to obtain them, as demonstrated by the fact that security firm TrendMicro recently found a malware called FacexWorm embedded in an extension that's been making its way around Facebook. The extension in question is called Koblo, and it's capable of stealing your Facebook credentials, among other information, with ease. Essentially, given installation and full permissions, this extension can steal just about any login you enter into Chrome, potentially culminating in full-on identity theft. Koblo currently seems to be the only extension with this particular strain of malware making the rounds, but it's not unreasonable to think that there are probably others, which means that users should exercise caution and only install extensions from the Chrome Web Store. Even that solution, of course, is far from perfect.

The extension in question masquerades as a sort of codec add-on for Chrome that will allow users to watch a video that's attached to a Facebook message. Once it's installed, your Facebook credentials are the easiest pickings, since you're almost guaranteed to be logged onto that page at the moment. Once it has those, it spreads itself by sending messages to any of your friends who happen to be online and active. Just like the one you received, this message will contain a link to a video, which will prompt your friends to download the extension. The cycle repeats if any of your friends fall for it. Facebook seems to be the primary distribution method for this malware right now.

Though Chrome does not allow direct access to your database of stored passwords in most cases, if you enter your login information and log onto a site while the extension is active, it can steal those credentials by intercepting them. This makes the FacexWorm malware extremely dangerous, and makes it entirely possible that it could spread beyond Facebook. This malware was first found in August of 2017, and has been relatively quiet until its recent transformation. Its previous form lacked the ability to steal credentials outside of Facebook, making this version far more dangerous.

Share this page

Copyright ©2018 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments