Beware! Google Chrome's Malicious Extensions Are Causing Facebook Click Fraud!



Digital marketers use different strategies to generate maximum traffic to their webpages. They use attractive and unique "click-bait" titles to attract internet users. Cyber crooks, on the other hand, use illegal strategies to earn more click revenue. Recently a 19-year-old security researcher discovered that cyber criminals are using malicious extensions for the Chrome browser to generate sketchy Facebook likes.

What is the Scenario?

Maxime Kjaer, a student at Switzerland's Swiss Federal Institute of Technology, was browsing his Facebook account. He noticed that one of his friends was continuously liking vulgar and adult links on Facebook, such as "Basic Kissing Tips". These links had hundreds of likes but not a single comment. When he opened one such link, the browser redirected him to another webpage. On that webpage he was prompted to install a Chrome extension named "Viral Content Age Verify" to view the content of the website.

This was not the only such extension; there were nine more Chrome extensions like it. These extensions were registered under the website "viralands.com". Google has now removed all of them. According to a report, these extensions had more than 1,30,000 users.

Where is the Vulnerability?

The vulnerability found by Kjaer is called a "Glaring Security Hole". It was present in Google Chrome's Web Store, which allowed hackers to upload malicious extensions. Hackers uploaded malicious extensions and targeted victims through social engineering.

Working Process of These Extensions

When a victim clicks the install button of the "Viral Content Age Verification" extension, a file named "manifest.json" enters the system. This file works with three different files:

Query-String.js

install.js

background.js



The malicious code is present in the "install.js" file. The rest of the files are safe. Hackers control the "install.js" file through a command and control server. This file gets its malicious payload from two different URLs. The malware is capable of stealing tokens for all websites. It can also steal the login tokens of Facebook, YouTube and financial websites, giving hackers full control of your accounts.

List of Malicious Extensions

Viralands Age Verify

Viral Content Age Verify

Content Age Verify

Age Bypass For YouTube

Restricted Content Verification
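
A defender's check for the extensions named above, added here as an example (it is not code from the researcher or from Google): it walks a Chrome profile's Extensions directory, resolves each extension's display name, including names stored as `__MSG_...__` placeholders under `_locales`, and flags names from the list above. As a weaker second signal it also flags a manifest that loads all three script files named earlier. The function names and the all-three-scripts heuristic are assumptions of this example.

```python
import json
from pathlib import Path

# Names and script files listed on this page; names lower-cased for comparison.
LISTED_NAMES = {"viralands age verify", "viral content age verify",
                "content age verify", "age bypass for youtube",
                "restricted content verification"}
LISTED_SCRIPTS = {"query-string.js", "install.js", "background.js"}

def load_json(path):
    """Parse a JSON file; return {} if unreadable or not a JSON object."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def display_name(ext_dir, manifest):
    """Resolve the name, following a __MSG_key__ placeholder into _locales."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = str(manifest.get("default_locale", "en"))
        messages = load_json(ext_dir / "_locales" / locale / "messages.json")
        for key, entry in messages.items():
            if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name  # literal name, or the unresolved placeholder as-is

def manifest_scripts(manifest):
    """Base names of background and content scripts, lower-cased."""
    files = list((manifest.get("background") or {}).get("scripts") or [])
    for entry in manifest.get("content_scripts") or []:
        files += entry.get("js") or []
    return {Path(f).name.lower() for f in files}

def scan_extensions(root):
    """Return (extension id, name, reasons) for each flagged extension."""
    findings = []
    for mf in sorted(Path(root).glob("*/*/manifest.json")):
        manifest = load_json(mf)  # {} if unreadable, so the scan continues
        name = display_name(mf.parent, manifest)
        reasons = []
        if name.strip().lower() in LISTED_NAMES:
            reasons.append("name is on the page's list")
        if LISTED_SCRIPTS <= manifest_scripts(manifest):
            reasons.append("manifest loads all three listed scripts")
        if reasons:
            findings.append((mf.parent.parent.name, name, reasons))
    return findings
```

Call `scan_extensions()` on the profile's Extensions directory, for example `~/.config/google-chrome/Default/Extensions` on Linux. A script-only hit is a prompt for manual review, since `background.js` and `query-string.js` are common file names.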

Google's Action Against it

All of these extensions have now been blacklisted by Google. They will automatically disappear from infected computers. Users of these extensions need to change the passwords of their Facebook accounts. Users need to understand that cyber criminals use different types of techniques to hack their social accounts, and they need to make themselves aware of them.