Criminals Use Facebook and Tumbler to Push Chrome Extensions That Can Access All Your Website Data

This article explains the privacy-violating campaign was later detailed further by security firm Webroot.The whole campaign is based on the hopes that Facebook users want to change the theme of the site to another color, such as red. It can be of course adjusted to target other users as well. Gives details on it works and these are the following: A Facebook user is invited to a fake event on the social network, which redirects to another page (typically hosted on Amazon Web Services) that prompts the user to install a Chrome extension; The extension then executes a JavaScript file (also hosted on Amazon) when it detects an open Facebook page, which creates a new Tumblr page and a new Facebook event. Finally, the script invites all your friends and pushes the Tumblr link, and the scam starts again. It concludes that, protecting yourself is very easy: don’t click on random links on Facebook, even if they are hosted on Tumblr. Being invited to a Facebook even does not suddenly make them safe.