Facebook tag scams have re-emerged, Bitdefender warns. Today’s scam starts with an attractive video capture posted on users’ Walls. Twenty of the victims’ Facebook friends are tagged in the post, so those who have not tweakedÂ their privacy settings will be tagged without their consent.
OnceÂ users click to see the video, theyÂ are redirected to a suspicious-looking URL which displays a spoofed Youtube page. IfÂ usersÂ click again to access the promised pornographic content, theyÂ are askedÂ to download a Chrome browser plugin namedÂ mithv1.
A quick search on Google’s official storeÂ shows the plugin is posing as an internet security extension designed to encrypt traffic and “unblock websites”. It was published on the 4th June, which could explain the absence of the number of downloads – it is either very new or few people have tried to install it. Either way, this should spark serious doubts to any user. It’s pays offÂ to do some research before installing anything.
The onesÂ who install it are prompted with a login window asking themÂ to register or login using a username and password.
After submitting these details, a webpageÂ confirms the successful installation of the new “security” extension. It seems the scamÂ is targeting only Windows or Mac OS X users running Chrome.
Why are some add-ons a security hazard?
The add-ons are propagating the scam to victims. Since they reside in the browser, these extensions can perform any actions on behalf of the user, such as reading and modifying the data on the websites the user accesses.
Remember, donâ€™t click anything that seemsÂ suspicious, take a careful look at the URLs! Hackers count on your curiosity to make you part of the scam. Stay safe!
Update: Facebook has removed the page hosting the malicious URL. The extension is also nowhere to be found in Chrome’sÂ webÂ store.