Warning: New spyware on facebook

August 17, 2014

facebook-spam-msgA message popped a couple of times on facebook today from the same person. I don’t usually chat with this person and the language sounded like the spam messages sent to ‘strangers’. What caught me into investigating it further is the ability for the ‘bot’ to use my profile picture in the message tempting me to believe some video of mine is published somewhere.

See, things are getting different with these spammers now. I knew the link that read fun-metin2.com will redirect to something else. I opened it & followed where it leads. Oh! Oh! It ends up on www.amk-mt2.com which looks ‘identical’ to facebook. I #facepalmed at the thought of how many folks will fall for this.

facebook-youtube-video-scam

The page shows a ‘Youtube video’ like stuff. Hover your mouse & you notice the play icon turns red just as it happens on Youtube. Many will be tempted to click and watch what is it about.

Oh wait! Just before clicking, view the page source. Is it really a Youtube video? The code says:


Facebook - Video Special - facebook.com

There’s no Youtube video there. A further analysis of the code reveals clicking on the so-appearing Youtube video will call a JavaScript function chromex().




Let’s have a look at the header and here are the JavaScripts that get into action.








Notice the +check+ in the code? Well, by now you must have got the idea that this will work only on Chrome/Chromium browsers. The script will install a plugin on your Chrome browser. The +check+ part is returned by another piece of script from the page where it detects the browser & platform type.








For the sake of fun I ran it on Firefox. Nothing happens! Obviously, it should only work on Google Chrome or Chromium browser. So, I tried the same on Chromium browser. Opened the link, clicked on the video and voilĂ  …



facebook-video-chrome-spam-1



Chromium prompts to install a plugin called Facebook Video Plugin. It also warns you that the plugin will access your data on all websites and your browsing activity. It’s a spyware. Now, you should have understood the aim of the spam. Spread like cheese & butter on facebook then capture data from Chrome users.



Say you deny the installation & the page turns red (^^,) …



facebook-video-chrome-spam-2



At the time of writing this article Chrome Web Store specifies the plugin has 3,388 users.



My dear folks, I say it again, don’t just click anything and everything on facebook. Be safe.



Update

The plugin has been removed from Chrome Web Store.