Microsoft finds malware that targets Facebook profiles

Published by

Microsoft has announced that it has discovered a new wave of malware attacks that are trying to go after Facebook profiles. The malware itself, Trojan:JS/Febipos.A, is delivered via a browser extension that so far has been found to target users of Google's Chrome and Mozilla's Firefox browsers. We detect it as Trojan:JS/Febipos.A. The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox.



When installed, it attempts to update itself using the following URLs:  

Chrome browser:

du-pont.info/updates/<removed>/BL-chromebrasil.crx  

Mozilla Firefox browser:

du-pont.info/updates/<removed>/BL-mozillabrasil.xpi 

Note: Updated versions of this threat have been verified and are still detected as Trojan:JS/Febipos.A.

To begin with, this Trojan monitors a user to see if they are currently logged-in to Facebook. It then attempts to get a configuration file from the website <removed>.info/sqlvarbr.php. The file includes a list of commands of what the browser extension will do.

Depending on the file, this malware can do any of the following in the Facebook profile of an infected system:

  • Like a page
  • Share
  • Post
  • Join a group
  • Invite friends to a group
  • Chat to friends
  • Comment on a post

Microsoft finds malware that targets Facebook profiles


Share this content
Twitter Facebook Reddit WhatsApp Email Print