Faithful Geek readers who surf with Google Chrome wouldn’t be fooled by the extension listed above. But the fact that it’s pretending to be Adobe Flash Player coupled with the fact that it’s hiding out in the official Chrome Web Store is more than enough to trick some users — about a thousand so far.
Security researchers at Kaspersky Labs spotted this wave of malicious extensions in Brazil, where Chrome has become the most popular web browser in the country. Fraudsters took that into account when hatching their scheme, which involves selling Facebook likes to unscrupulous types who want to give their brands a boost and don’t care to play by the rules. The going rate is about $27 for 1,000 likes.
To push their cash-for-likes system, the people behind these extensions are sneakily advertising them on Facebook. As is the case with a lot of social imaging malware, the ads claim to offer users a way to re-color their profiles or track who’s looking at them — or even to remove the “virus” that’s infecting their profiles. Once installed, the extensions begin spamming likes and posting messages to walls enticing other users to download.
As long as you’re paying attention, you’re not likely to get caught in a snare like this. If you’re after a Facebook profile customizer, a Chrome extension that appears to be Flash Player obviously isn’t what you were looking for and you should skip installing it. That goes double since you’re using Chrome, which already has its own built-in Flash Player anyway.
Malicious extensions in the Chrome Web Store aren’t a new thing, but this activity in Brazil shows that the bad guys are hatching more elaborate plots and employing techniques similar to those used by Android Market/Google Play malware. Guess it’s time for Google to turn Bouncer loose on the Web Store, too.
More at Kaspersky