Bitdefender has warned hackers are using the Facebook advertising platform to trick Bitwarden users into installing a fake security update that steals personal data and credit card information from businesses and individuals alike.
Once lured to the fake Chrome Web Store, users then download a zip file that is manually loaded as a Chrome browser extension using Developer mode, avoiding the usual security checks that would take place when adding a browser extension.
The malware also uses a background.js script to harvest data from Facebook cookies, including information on location and IP address, and uses the Facebook Graph API to extract all of the stolen data to the hackers C2 server.
Bitdefender recommends that users and security teams keep an eye out for extensions that request excessive permissions, as well as those with obfuscated functions such as 'chrome.runtime.onInstalled.addListener'.
Collection
[
|
...
]