Microsoft has released a warning of a new malware disguised extension for Google Chrome and Firefox add-on, began circulating on Facebook, targeting and hijacking Facebook accounts.
Detail: The virus seems to work focusing on the Facebook pages of Brazilians, including specific commands in Portuguese.
According to a bulletin from Microsoft, the file tries to maintain a legitimate update for browsers. Once downloaded, the Trojan monitors the infected computer is logged into a Facebook account and try to download a file ‘config’ which includes a list of commands for the browser extension.
From there, the malware is able to perform typical actions of Facebook, such as ‘like’ a page, share, post, join a group and chat via ‘chat’ with friends who are part of the account “infected”.
Some variations of malware include commands to post inflammatory messages in Portuguese and with links to other pages on Facebook. According to Microsoft, the number of ‘likes’ and shares on one of these pages grew during the analysis of the Trojan – suggesting that infections continue.
It is unclear how the malware settles or even how many infections may have already happened. In addition, the ability of the virus can be greater, it is capable of modifying messages, URLs, Facebook pages at any time.
Finally, although the malware appears to have been designed with a focus on targets Brazilians, Microsoft concludes that the Trojans can easily be modified to attack users in other regions.