This isn’t the first, or even the second time that Facebook has been used to distribute malicious browser extensions and ultimately malware. Back in September, criminals posted a hoax news article about Brad Pitt taking his life on Facebook to convince victims into visiting a malicious website. Even earlier in June, a malicious Chrome extension was found distributing malware and replicating automatically by tagging friends of the infected victim in Facebook posts.
Facebook’s widespread popularity makes it an excellent avenue for malware authors to infect many victims, and I don’t expect that to change anytime soon. All three of these mentioned attacks have something in common though, the victim must click something to become infected. Users should always be wary of unsolicited links and images, whether they be received via email or a Facebook message. As we’ve seen, some malware can automatically send itself to the victim’s Facebook friends list. Just because a file came from a friend, doesn’t mean that its safe. –Marc Laliberte