الاثنين، 2 مايو 2016

Trojan In Chrome Extension That Spam Your Facebook Friends


Trojan In Chrome Extension That Spam Your Facebook Friends.


Trojan.BPlug.1074 is the name of a newly found trojan that covers in Chrome extensions as well as it will spam your Facebook friends with that links to reach the malicious websites.


  • BPlug spams your friends through the groups of user and Facebook mentions.
  • Spam guides the users to make clone of Facebook accounts.
  • Security researchers detected over 12,000 users who installed this malicious plugin in their Chrome browser.


A week ago, BPlug was first seen, as part of a JavaScript files of Google Chrome extensions. Just one time users install the Chrome extension in their browser then it would wait for the victim to visit Facebook.

Here, the trojan would recover the UID(user identifier) of a user and their CSRF token. This information is then used to work the actions on Facebook on the behalf of the user.

BPlug spams your friends through the groups of user and Facebook mentions.

BPlug will cover some of the top-right menu options of the user that is protecting them from contacting the logout menu, but it will also generate an accidentally named the group in the name of the user.

In this group, the trojan will then distribute a link at a range of intervals and start mentioning random friend names from your contact list.

These friends will accept a notification as well as in most of the cases, they will examine the post of the group from time to time just clicking on the link if it is not distinguishing it as a spam message.

Spam guides the users to make clone of Facebook.

This link obtains the users to a similar website of Facebook that creates it appear like someone has shared a video of YouTube with their friends. Only on clicking to view this video on that time the user to download a plugin. 

In the case of browsers of Google Chrome, the researchers of Dr.Web security declare that it is an additional plugin for Google Chrome which surrounding the same BPlug Trojan as well as other malware.

An individuality of this link is that it only displays the fake YouTube video if the user is connecting it from inside the group of Facebook. Accessing it honestly or from one more website displays a blank page.

The researchers of Dr.Web said that they identified over 12,000 users who already installed this malicious extension in their Chrome browser. 

ليست هناك تعليقات:

إرسال تعليق