A new virus that collects passwords began to spread among Facebook users through a video that appears to be posted by friends. The new cyber attack threat attacks victim’s Facebook account and web browsers, according to security specialists who discovered the virus.
Facebook users can get the virus through a link received by email or on Facebook with a message that lets them know that they were tagged by someone in a posting on the social network. Accessing the link leads to an external website that invites them to download a browser extension or plug in order to access the video, said Carlo De Micheli, one of the security researchers.
After downloading the extension, the virus can access all browsing data stored by the browser, including accounts and saved passwords. The threat is serious because many people store their passwords in the Internet browsers.
Digital security specialists said the virus is spreading at a rate of 40,000 attacks per hour and has already affected more than 800,000 users of Google Chrome browser. Google has taken note of the threat and disabled extensions that allowed the virus to act.
“When we detect items containing malware or learn of them through reports, we remove them from the Chrome Web Store and from active Chrome instances. We’ve already removed several of these extensions, and are continuing to improve our automated systems to help detect them even faster,” ,” said Veronica Navarrete, Google spokeswoman, in a statement.
Facebook also has detected the virus and began removing the trap links.
“In the meantime, we have been blocking people from clicking through the links and have reported the bad browser extensions to the appropriate parties. We believe only a small percentage of our users were affected by this issue, and we are currently working with them to ensure that they’ve removed the bad browser extension,” said Michael Kirkland, a Facebook spokesman.
De Micheli said that people are used to clicking ‘accept’ when installing a plug-in, an extension or smartphone application. “A few years ago, you’d tell your friends, don’t click on attachments,” said De Micheli. Same warning applies now for browser add-ons.