Cybercriminals have recently launched a privacy-violating campaign spreading across Facebook in an attempt to trick Facebook’s users into installing a rogue Chrome extension. Once installed, it will have access to all the data on all web sites, as well as access to your tabs and browsing history.

Sample screenshot of one of the few currently active Facebook Events promoting the rogue Chrome extension:

The campaign is relying on automatically registered Tumblr accounts, where the actual redirection takes place. Users are exposed to the following page, enticing them into changing their Facebook color theme:

Once users accept the EULA and Privacy Policy, they will become victims of the privacy-violating Chrome extension:

To further improve its legitimacy, and to play by Google’s newly introduced strategy to fight rogue Chrome extensions, the cybercriminals behind the campaign not only hosted it on Amazon’s cloud, they also featured it in Chrome’s Web Store:

In case users choose not to accept the EULA and the Privacy Policy, the cybercriminals behind the campaign will once again attempt to monetize the hijacked Facebook traffic by asking them to participate in surveys, part of a CPA (Cost-Per-Action) affiliate network, earning them money:

Sample Facebook Events spreading the bogus Tumblr URLs:

Sample automatically registered Tumblr accounts participating in the campaign:

Redirection takes place through the following IP:
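
The access described in this post (all data on all web sites, plus tabs and browsing history) corresponds to specific entries in an extension's `manifest.json`. The following check is an added example, not code from the original post or from the extension itself; the two manifests and the function names are constructed for illustration.

```python
import json

# Chrome match patterns that cover every site.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions exposing tab URLs/titles or stored history.
SENSITIVE_API = {"tabs": "tab URLs and titles", "history": "browsing history"}

def audit_manifest(manifest):
    """Return (source_key, permission, reason) for each risky grant."""
    declared = []
    # Manifest V2 mixes host patterns into "permissions"; V3 splits them out.
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared += [(key, p) for p in manifest.get(key, []) if isinstance(p, str)]
    # A content script matched on every page reads the same data as a host grant.
    for script in manifest.get("content_scripts", []):
        declared += [("content_scripts", m) for m in script.get("matches", [])]
    findings = []
    for key, perm in declared:
        if perm in ALL_SITES:
            findings.append((key, perm, "data on all web sites"))
        elif perm in SENSITIVE_API:
            findings.append((key, perm, SENSITIVE_API[perm]))
    return findings

def matches_described_profile(manifest):
    """True when all-site access is combined with tabs or history access."""
    reasons = {reason for _, _, reason in audit_manifest(manifest)}
    return "data on all web sites" in reasons and len(reasons) > 1

# Constructed sample manifests (not taken from the extension in the article).
THEME_CHANGER = json.loads("""{
  "manifest_version": 2, "name": "Constructed colour theme sample",
  "permissions": ["tabs", "history", "http://*/*", "https://*/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["theme.js"]}]
}""")
SCOPED = json.loads("""{
  "manifest_version": 3, "name": "Constructed scoped sample",
  "permissions": ["storage"],
  "host_permissions": ["https://www.facebook.com/*"]
}""")

if __name__ == "__main__":
    for m in (THEME_CHANGER, SCOPED):
        print(m["name"], "->", "REVIEW" if matches_described_profile(m) else "ok")
        for finding in audit_manifest(m):
            print("   ", *finding)
```

A cosmetic extension that only recolours one site has no need for all-site host access or the `history` permission, so a match here is a reason to review the extension before it is allowed on managed browsers.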