Microsoft has issued a warning that a new piece of malware masquerading as a Google Chrome extension and Firefox add-on is making the rounds, threatening to hijack Facebook accounts
First detected in Brazil, Trojan:JS/Febipos.A attempts to keep itself updated, just like normal, legitimate browser extensions, Microsoft noted in a security bulletin late Friday.
Once downloaded, the Trojan monitors whether the infected computer is logged into a Facebook account and attempts to download a config file that will includes a list of commands for the browser extension. The malware can then perform a variety of Facebook actions, including liking a page, sharing, posting, joining a group, and chatting with the account holder's friends.
Some variants of the malware include commands to post provocative messages written in Portuguese that contain links to other Facebook pages. The number of likes and shares on one such page grew while malware experts at Microsoft were analyzing the Trojan, suggesting that the infections are continuing to occur.
Microsoft did not indicate how the malware installs itself or how many infections might have occurred.
There may be more to this threat because it can change its messages, URLs, Facebook pages and other activity at any time. In any case, we recommend you always keep your security products updated with the latest definitions to help avoid infection.
So while the malware appears to be designed to target users in Brazil -- where Portuguese is the dominant language -- Microsoft concluded that the Trojan could easily be modified to target users in other regions.