3 min read

`Profile Viewer` Add-on Infects Facebook Users with Carfekab Trojan

Bianca STANESCU

February 06, 2014

Promo Protect all your devices, without slowing them down.
Free 30-day trial
`Profile Viewer` Add-on Infects Facebook Users with Carfekab Trojan

Facebook users worldwide may be exposed to the Carfekab Trojan spreading in a new virulent campaign on the social network. The ‘Profile Viewers’ add-on entices users with the promise of seeing their stalkers on Facebook. Over 2,400 .tk domains have already been registered for malicious purposes.

The browser extension fraudulently gathers ‘likes’ and spreads from one timeline to another. The downloaded “.exe” installs a malicious file, detected by antivirus software Bitdefender as Trojan.JS.Carfekab.A. The malware is capable of posting messages on users` behalf and sending their personal data to the attackers` servers. The Trojan may also be used for browser spying.

`Profile Viewer` Add-on Infects Facebook Users with Carfekab Trojan

The infection propagates through Facebook messages in which victims share a random number of times their profile has been viewed. They also unwittingly tag their friends.

`Profile Viewer` Add-on Infects Facebook Users with Carfekab Trojan

Top Visitors is then followed by a malicious link that leads to a browser add-on titled “Profile Viewers” or “Who Views.”

“Ever wanted to know who is viewing your profile or who has viewed it while you were offline?,” the website of the fake app reads. “Now you can! Just click the ‘Start Now’ button below to find out.”

The code allows cyber-criminals to spread several variations of the scam. The number of profile visitors could never be “0.”

`Profile Viewer` Add-on Infects Facebook Users with Carfekab Trojan `Profile Viewer` Add-on Infects Facebook Users with Carfekab Trojan

Malware writers gain immediate access to victims` contact lists after they click on the dangerous web site. By showing that the victim`s friends liked the app and tagging them, cyber-crooks increase both the scam`s credibility and its spreading rate on Facebook.

They also seem to hijack the number of likes of the social network`s official Facebook page. As far as it gets new likes, the malicious page also claims to have gathered the same number of likes. So far, over 111 million users clicked the Ëœlike` button on Facebook`s product and service page, and scammers pretend the same number likes theirs.

`Profile Viewer` Add-on Infects Facebook Users with Carfekab Trojan Carfekab cyber-crooks also make money through fraudulent surveys. By asking users to take a quiz after multiple redirects, they earn ad revenues.

`Profile Viewer` Add-on Infects Facebook Users with Carfekab Trojan If users have installed ad blocking software, malware writers post a warning message to “help” them disable the ad-block.

Bitdefender experts have been studying malicious browser add-ons for several years. One study published in 2012 in the Virus Bulletin showed malware developers continuously exploit the general belief that add-ons are benign. By developing cross-platform malicious extensions, attackers can gain access to users’ sensitive information.

In May 2013, Microsoft warned about the Febipos Trojan, which was hijacking Facebook accounts by luring users with messages such as “15 year-old victim of bullying commits suicide after showing her breasts on Facebook”, “R$1000-voucher contest” or “a brand new Celta paying R$13 per day!” Febipos was able to ‘like’ a page, join a group, invite friends to a group and even chat with them.

tags


Author


Bianca STANESCU

Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story.

View all posts

You might also like

Bookmarks


loader