Chat Spy Extension gives you a Bad Face(book) Lift

Fake extension promising illicit insights into other people

This is a Facebook chat scam that’s got quite a personality. The spy-me-do trend in scam bait will wane and wax but, apparently, never go away. So here’s its latest creativity peak: in a message disseminated via the social network chat, users are told that someone’s spying on  their chat conversations and that they can do the same by accessing the provided link.

A similar message, helping spread the word about variants of the same scam, appears on various pages created with the precise  purpose of gathering impressive like counts under various pretexts (winning a Guinness prize or just proving that studying is a bore, though passing exams is great….just two of countless examples).

Considering the impressive persistence and mutations of the “See who viewed your profile” scam, this is an unimaginative, but quite ambitious, way of setting the fake spying business on a well trodden and safe track. Due to platform limitations, chat-based scams cannot be detected by social network security solutions, so the only things that keep them from spreading even faster and further are users’ ability to detect fishy situations and the power to resist temptation.

This being said, let’s pretend that said ability and power are temporarily away from the office of social reason. What happens next? Pack some snacks, it’s a long journey. Like in any good story, you have to pass a series of tests before you get your hands on the Golden Fleece that’ll be your earpiece (I’ll let you figure out how :-)).

First step: like a bunch of UNKNOWN pages. Please do it! It’s not like your account’s in any danger of being flooded later on with spam or messages linking to malware spreading pages. Live a little!

Step two & three: input your name and country. Why not? Perhaps it’s census season in scammer land. Why not help the guys a little bit? I’m quite positive they won’t use this info to customize their messages so as to hit the right target (male/female) in the right language. NONONO.

Step four: plant your bugs in the Facebook chat!

Here’s where you’d get a little stuck, as, apparently, the thing you’re about to install requires you to use Chrome. Therefore, if you’re not already on Chrome, you’d have to be really desperate to go back to square 1 and take this trip once again. But, let’s not spoil a good story and keep going.

That’s where we find out what the until-now-nondescript spying tool is: a Chrome add-on.  It will access the user data on all websites, but that won’t hurt a bit, right?

Wouldn’t bet on it. Every time you re-open your browser, you’ll be hit with sponsored ads such as this one:

Might I point out that this sounds like an attempt to get you into a survey maze?

The best part’s still to come. Once you’ve logged into your Facebook account, you get to witness the miracle of Facebook account customization:

As you can see in the snapshot above, the account appears to be reconfigured and three mind-blowing new features pop up: Manage functions, Activity filters and Profile skins. While the third feature speaks to the customization-eager segment of the audience, the first two apparently allow users to dive into the technical depths of their accounts. Apparently is the right word, as by clicking these features you open up wish lists of imaginary options that cannot be enabled. Therefore, we’ve got a third party app that promises to do one thing and actually manages to achieve another. Suspicious, don’t you think?

Further on, a quick look at the add-on’s description, especially at the “Show dislike button” part, will raise some serious doubts as to the legitimacy of this little wonder.

Considering the recent FTC /vs/ Facebook events that bring Facebook privacy issues back into the spotlight, do you really thing the social network would take the risk of making available to third party apps (or even of collecting) info on users’ chat conversations….which is exactly what this add-on promises to help you do?

This article is based on the technical information provided courtesy of Tudor Florescu, BitDefender Online Threats Analyst and Andrei Serbanoiu, Bitdefender Analyst Programmer.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Ioana Jelea

Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia. From gory, though sometimes fake, death reports to nip slips and other such blush-inducing accidents, her repertoire is an ever-expanding manifesto against any Victorian-like frame of thought that puts a strain on online creativity. She would like to keep things simple, but she never does.