Google Chrome App Grabs Identities, Forges Blogs in Victims’ Name to Promote Scam
A Google Chrome app that promises to change the color of Facebook accounts instead nabs authentication cookies and generates dozens of blogs registered to the victims’ Gmail address, in a new scam analyzed by Bitdefender Labs.
Once the malicious app is installed from Google’s Chrome Web Store, it starts displaying a large Google Ads banner redirecting users to a “work from home scam.” When clicking the sign-up link, users are redirected to a fraudulent website.
“Scammers gave a new twist to the old change-your-Facebook-color scheme that’s been luring users to fraudulent websites to grab credentials and other sensitive data,” says Chief Security Strategist Catalin Cosoi. “By creating dozens of blogs for a single account, the scam spreads like wildfire among Facebook friends.”
The blogs generating under the e-mail address of the victims, which are used in further disseminating the scam, have registered a large number of hits among users in the US, the UK, Germany, Spain, Romania, and other countries.
The app can also posts wall messages on the victims’ account. The messages use friend tagging to convince the victim’s friends to visit the blog domains. Each time the app posts on a users’ timeline, it links to one of the auto-generated blogs as to avoid blacklisting.
This article is based on the technical information provided courtesy of Andrei Serbanoiu, Bitdefender Software Analyst.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.