Microsoft finds malware that targets Facebook profiles

Microsoft has announced that it has discovered a new wave of malware attacks that are trying to go after Facebook profiles. The malware itself, Trojan:JS/Febipos.A, is delivered via a browser extension that so far has been found to target users of Google's Chrome and Mozilla's Firefox browsers.

In a post on the company's Malware Protection Center blog, Microsoft says the Facebook browser extension was first found in Brazil. It states:

To begin with, this Trojan monitors a user to see if they are currently logged-in to Facebook. It then attempts to get a configuration file from the website .info/sqlvarbr.php. The file includes a list of commands of what the browser extension will do.

The malware is capable of taking over a user's Facebook account and can then post a new message, "like" a post, engage with friends, comment on a post and more. It may also post links on Facebook profiles, such as the example shown in the image above which has a link to a car selling site.

The Facebook malware browser extension originated in Brazil but is unlikely to be confined there. Microsoft warns, "There may be more to this threat because it can change its messages, URLs, Facebook pages and other activity at any time." Microsoft recommends all PC users keep their security programs updated with the latest virus and malware definitions.

Source: Microsoft | Image via Microsoft

Report a problem with article
Previous Story

Review: Nokia Lumia 520

Next Story

Nokia's Lumia range: What's on the way?

6 Comments

Commenting is disabled on this article.

If this is a chrome or firefox extension, can't google or firefox delete this particular extension from their stores and be done with it? Or extensions can be downloaded and installed from third party sites as well?

And let's assume I have this extension, will my antivirus scan my browser extensions too?

Mozilla distributes a blacklist of extensions and plugins for Firefox independently of the browser's updates, so they could centrally block it.

No idea about Chrome. The browser is, itself, a piece of spyware for Google; so if you're running Chrome you might as well install this Facebook malware anyway.