A Google Chrome app promises to change the color of Facebook accounts, but in reality steals authentication cookies and generates blogs registered to the user’s Gmail account, researchers said.
Once a victim downloads the malicious app from Google’s Chrome Web Store, it starts displaying a large Google Ads banner redirecting a user to a “work from home scam,” said researchers at Bitdefender. When clicking the sign-up link, users end up redirected to a fraudulent website.
The blogs generating under the email address of the victims further disseminate the scam and have registered a large number of hits among users in the U.S., the UK, Germany, Spain, Romania, and other countries.
The app can also post wall messages on the victims’ account. The messages use friend tagging to convince the victim’s friends to visit the blog domains. Each time the app posts on a users’ timeline, it links to one of the auto-generated blogs as to avoid blacklisting.
“Scammers gave a new twist to the old change-your-Facebook-color scheme that’s been luring users to fraudulent websites to grab credentials and other sensitive data,” said Catalin Cosoi, Bitdefender’s chief security strategist. “By creating dozens of blogs for a single account, the scam spreads like wildfire among Facebook friends.”
The app in question — “Modify Your Facebook CoIor” — has 38,000 user downloads from the Play Store, Softpedia researchers said.