Security risks in Chrome plug-ins threaten Facebook users
Seeking to address user dissatisfaction with Facebook’s Timeline feature, several Google Chrome plug-ins offer to turn the feature off - in exchange for access to personal browsing data.
A recent Barracuda Networks assessment found that three of the six plug-ins in the Google Chrome Web Store that claim to block Timeline actually posed a threat to users. In fine print that Internet users often ignore, the three plug-ins requested permission to access users’ browsing histories, even when they were not logged in to Facebook. In theory, California Watch noted, this allowed the extensions to send personal information, including things such as credit card numbers from online purchases, to a third-party server for storage.
Jason Ding, a researcher at Barracuda, noted that the dangerous plug-ins were also skilled in using social marketing to spread their suspicious software. By creating Facebook events and Tumblr pages that pointed toward the plug-ins, developers were able to promote their software, and, as of Barracuda’s report, more than 90,000 users had downloaded the plug-ins.
“No one knows and uses social media better than these Chrome plug-in hackers,” Ding noted, pointing out parts of code that automatically promoted the plug-ins to Facebook users’ friends.
California Watch reported on September 12 that Google had removed the plug-ins as a result of the study. A Google spokeswoman noted that browser extensions have the potential to access any browsing data. The company reviews the apps in its store but also relies on third parties to monitor for suspicious plug-ins. Google urged caution when installing plug-ins, advising users to read reviews and to check that extensions geared to a specific site did not ask for permission to access every site.
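The check Google describes above, as an added example (not code from the article, Barracuda or Google): a Python audit of an extension's `manifest.json` that flags all-site host patterns, hosts outside the intended site, and APIs that expose browsing data. The sample manifest is constructed, and the set of sensitive APIs is an assumption chosen for illustration.

```python
import json

# Match patterns that grant access to every site.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Assumption: APIs treated here as exposing browsing data on any site.
SENSITIVE_APIS = {"history", "tabs", "webRequest", "cookies"}

# Constructed sample manifest for a hypothetical single-site extension.
SAMPLE_MANIFEST = """{
  "name": "Example Timeline Remover",
  "manifest_version": 2,
  "permissions": ["history", "tabs", "http://*/*", "https://*/*"],
  "content_scripts": [{"matches": ["*://*.facebook.com/*"], "js": ["a.js"]}]
}"""


def pattern_host(pattern):
    """Return the host part of a match pattern such as '*://*.facebook.com/*'."""
    if "://" not in pattern:
        return None  # an API permission name, not a host pattern
    return pattern.split("://", 1)[1].split("/", 1)[0]


def host_in_scope(host, site):
    """True if the host is the intended site or one of its subdomains."""
    host = host[2:] if host.startswith("*.") else host
    return host == site or host.endswith("." + site)


def audit_manifest(manifest_text, intended_site):
    """List (kind, permission) pairs that exceed what a single-site extension needs."""
    manifest = json.loads(manifest_text)
    requested = list(manifest.get("permissions", []))
    requested += manifest.get("host_permissions", [])  # Manifest V3 host list
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    findings = []
    # Keep string entries only, de-duplicated in their original order.
    for item in dict.fromkeys(i for i in requested if isinstance(i, str)):
        host = pattern_host(item)
        if item in BROAD_PATTERNS or host == "*":
            findings.append(("all-sites", item))
        elif host is not None and not host_in_scope(host, intended_site):
            findings.append(("off-site", item))
        elif host is None and item in SENSITIVE_APIS:
            findings.append(("browsing-data", item))
    return findings
```

Calling `audit_manifest(SAMPLE_MANIFEST, "facebook.com")` reports the `history` and `tabs` APIs and both all-site patterns, while the `*.facebook.com` content-script match is accepted as in scope.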
This is not the first instance of developers targeting Facebook users with malicious Chrome extensions. Researchers reported in March 2012 on a malware-ridden set of Chrome extensions that claimed to be a Facebook Flash Player installer and attacked mostly Portuguese-speaking users.
In May 2012 analysts also noted the spread of a cross-browser extension targeting Facebook users across Chrome, Firefox and Internet Explorer and directing them to malicious affiliate sites. Since the extension ran in a browser without an executable file, it posed a detection challenge for antivirus software. Moving forward, malicious browser extensions will likely continue to be an Internet security threat, particularly on social networks like Facebook where it is easy for them to spread.
Security News from SimplySecurity.com by Trend Micro