Microsoft has announced that it has discovered a new wave of malware attacks that are trying to go after Facebook profiles. The malware itself, Trojan:JS/Febipos.A, is delivered via a browser extension that so far has been found to target users of Google's Chrome and Mozilla's Firefox browsers. We detect it as Trojan:JS/Febipos.A. The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox.
When installed, it attempts to update itself using the following URLs:
Chrome browser:
du-pont.info/updates/<removed>/BL-chromebrasil.crx
Mozilla Firefox browser:
du-pont.info/updates/<removed>/BL-mozillabrasil.xpi
Note: Updated versions of this threat have been verified and are still detected as Trojan:JS/Febipos.A.
To begin with, this Trojan monitors a user to see if they are currently logged-in to Facebook. It then attempts to get a configuration file from the website <removed>.info/sqlvarbr.php. The file includes a list of commands of what the browser extension will do.
Depending on the file, this malware can do any of the following in the Facebook profile of an infected system:
Microsoft finds malware that targets Facebook profiles