Facebook Inc. (NASDAQ:FB) has developed quite a reputation over the years of allowing for a lot of collaboration and sharing of information. The accessibility to information abut various companies and individuals has, on the one hand, led to some connections among people that hadn’t been established online before, but also has led to some compromises of privacy in exchange for that freedom of expression and sharing.
It appears, though, that that openness is being exploited by some cyber-criminals, who apparently are raiding Facebook Inc. (NASDAQ:FB) through the Chrome browser by Google Inc. (NASDAQ:GOOG) using a rogue extension that may provide these criminals an opportunity to pocket thousands of dollars on the black Internet market. This hack is pretty elaborate and allows the cybercriminals to be able to access your profile and set up a large number of automatic “likes” on certain pages without your consent or knowledge. Apparently the way this hack works is innocuous enough, with an e-mail that has a link embedded in it – the link supposedly gives the e-mail recipient access to the Chrome Web Store where the recipient can download a “business version” of Adobe Flash player – which of course doesn’t exist. Once this extension is downloaded, it then monitors browser activity. When you are iusing the Chrome brwoser and you land on a Facebook page, the extension will check your cookies to see if yu are already logged into Facebook.
If the malware determines that you are already logged into the Facebook Inc. (NASDAQ:FB) site, the extension then will grab some Java code and can essentially take over your account. Malicious links, automatic “likes” and spam posts to friends can all happen with this code, and the malware can even steal your access cookies and allow the criminals to access your profile from another computer.
But where do the criminals make money on this scam?