A Kaspersky Lab researcher has discovered a Brazilian social engineering campaign that attempts to trick Facebook users into installing a malicious plug-in hosted on Google's Chrome Web Store.
The Facebook scam-page solicits victims by promising to teach them how to "remove the virus from their Facebook profile." Securelist claims that the application has 923 users, according to a post by researcher Fabio Assolini.
Users are asked (in Portuguese) to, "1) Click on install app, 2) click on allow or continue, and, 3) click on install now." Users that decide to click "Install aplicativo" are redirected to the legitimate Chrome Web Store where a malicious extension masquerades as Adobe Flash Player, Assolini wrote.
Once the extension is installed it has complete control of a user's profile. It then sends messages to that user's 'Friends,' encouraging them to install the malicious extension themselves. The app also sends out commands that make its victims' profiles 'Like' certain pages. This is the point. The scammers have created a service of selling 'Likes' to companies trying to promote their profiles on Facebook.
Continued : http://threatpost.com/en_us/blogs/facebook-scam-driven-malicious-chrome-extension-032612
Facebook Scammers Host Trojan Horse Extensions on the Chrome Web Store
Facebook users targeted with account-hijacking Chrome extensions
Free trip to the Grand Prix
Don't miss your chance to win a trip to the Formula 1 Grand Prix in Monaco for you and a plus-one.