Malware disguised as a Facebook video has infected up to 800,000 users’ machines, according to independent Italian security researchers. The malware hijacks web browsers to harvest passwords, using a fake browser plug-in for Google’s Chrome.
Speaking to the
New York Times’ Bits blog, researcher Carlo de Micheli says that the malware spreads in links, emails or Facebook messages which tell users they have been “tagged” on the site. When users click the link, they are prompted to download a browser extension, Micheli says.
The extension is malicious – and can send any information stored in the browser to the attackers. Many web users store information such as passwords, Facebook and Twitter log-ins, and that information is instantly available to the attackers.