The scam, which involved an email sent to users claiming that they had been mentioned in a Facebook. The message was actually initiated by the attackers and unleashed a two-stage attack. “Between the 24th and 27th June, thousands of unsuspecting consumers received a message from a Facebook friend saying they’d mentioned them in a comment. The message had in fact been initiated by attackers and unleashed a two-stage attack” Kaspersky Lab said. The first stage was to download a trojan into the victim’s computer that used to install a chrome browser extension. By installing a Chrome extension the second stage comes into play. Whenever the victim tries to log in their Facebook through the compromised Chrome browser they end up losing the Facebook account. “The first stage downloaded a Trojan onto the user’s computer that installed, among other things, a malicious Chrome browser extension. This enabled the second stage, the takeover of the victim’s Facebook account when they logged back into Facebook through the compromised browser” Kaspersky lab said According to the Kaspersky lab, The successful attack gave hackers the ability to change the privacy settings, steal data and spread the infection through the victim’s Facebook friends or undertake other malicious activity such as spam, identity theft. Kaspersky also said the malware attempt to preserve itself by a black-listing entrance to several websites, especially those related to the security software providers. Kaspersky lab also mentioned that Windows operating systems were at the elevated danger. Whereas Android and iOS were at no risk because the malware used libraries are not compatible with these operating systems. Ido Naor, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab said “Two aspects of this attack stand out. Firstly, the delivery of the malware was extremely efficient, reaching thousands of users in only 48 hours. Secondly, the response from consumers and the media was almost as fast. Their reaction raised awareness of the campaign and drove prompt action and investigation by the providers concerned” So if you think that you may be infected then you must run a malware scan on your computer and look for suspicious Chrome extension. If you managed to find the unusual Chrome extension then you need to remove it as soon as possible and log out from your facebook profile.
Here are the Basic cyber-safety practices from Kaspersky Lab:
Install an antimalware solution on all devices and keep OS software up-to-date. Avoid clicking on links in messages from people you don’t know, or in unexpected messages from friends. Exercise caution at all times when online and on social media networks: if something looks even slightly suspicious, it probably is. Implement appropriate privacy settings on social media networks such as Facebook.