Microsoft has been receiving reports from Brazil about a browser extension with malicious intent, that attempts to hijack the Facebook profile of the victim. The malware, Trojan:JS/Febipos.A, is being specifically targeted at Google Chrome and Mozilla Firefox browsers.
Once installed, this browser extension checks to see if the user is currently logged in to his/her Facebook account. If so, it then executes a series of commands to do the following:
- Like a Page
- Share a Page or Post
- Post on users behalf
- Join a group
- Invite friends to join a group
- Chat with friends
- Comment on a post
It may also post various messages in Portuguese and links on your Facebook wall.
Microsoft suggests that you be wary of installing any unknown browser extensions or software which install unknown or unwanted browser extensions, and ensure that your antivirus software is up-to-date.
Read: Browser Hijacking and Free Browser Hijacker Removal Tool.
And what extension is this, so people can avoid it?
Useless info, if you didn’t mention the extension name … !!!!!!
The Microsoft post only refers to the extension as “Trojan:JS/Febipos.A”.
I agree what is the extension so as users know
I think Mr. Khanse has made a good point…sometimes if you’re lucky, with the vast amount of junkware sailing around at the moment, some AV outfit or MS or whoever at least tells you the most important malware file to go searching your HDD for; from my own experience past few months, just because one has found an app/ext via a reputable medium, does NOT mean everyone knows right away what the results of a GMER background scan, for example, may reveal on final end user PCs (anybody can provide a “clean” copy of anything just to get a site to allow their downloads, and even BleepingComputer earlier 2013 had Sality infused into ComboFix). Again, Mr. Khanse’s article shows it’s a good idea to check EVERYTHING one installs, these days.
I fully agree with you. And like you wrote I don’t install anything without checking it.
I only thought Mr. Khanse might know the extention’s name, so it would be easier for the lesser computergods to avoid the thing.