Well, as we motor into the weekend, one thing is for sure: We will probably be using our social media tools more to plan out our weekend activities, and for communicating with family and friends. There is no doubt that these tools have received their fair share of news headlines, most of them negative.
But in my view, this is rightfully so. True, we have to protect our own accounts and watch carefully whom we interact with, but these social media sites also have a responsibility to the public and, most importantly, to their end user base, since we depend upon them to help ensure our security as well.
So it should come as no surprise that, as we close out the week, Facebook is once again making news headlines. No, not on CNN, or CNBC, but rather in the hacking world.
Let’s examine this further. The issue at hand is what is known as a “Chrome Extension”. Yes, we all have heard of Chrome; it is the very popular web browser made available by Google. In fact, I use it quite extensively, and have vowed to myself, as far as possible, never to use Microsoft Edge ever again. So, what exactly is a “Chrome Extension”? It can be defined as follows:
Many times, these Chrome-based extensions are small pop ups that appear as you surf the web using Chrome. For the most part, you know that these pop ups are safe, because you have actually downloaded and installed the Chrome extension to make them appear.
It is important to note that these kinds of pop ups are not the same as those pop ups that just appear willy-nilly on your web browser – these are the unsafe and malicious kind.
But once again, Cyber attackers are taking advantage of even this, creating fake Chrome extension pop ups in an effort to lure web surfers into visiting phony sites which look like the real thing. In a way, this is very much like a Phishing scheme; but rather than getting an e-mail message, you are getting a phony pop up.
In fact, the latest malware to infect legitimate Chrome extensions is known as “NigelThorn”, and since its introduction in March, it has already infected some 100,000+ users worldwide. This one especially likes to prey on Facebook users, infecting their systems with malicious Chrome extensions that steal their social media credentials, install cryptocurrency miners, and engage them in click fraud.
Current research has shown that NigelThorn was sent through at least seven different Google Chrome extensions – all of which could be downloaded from Google’s official Chrome Web Store. Apparently, NigelThorn makes use of legitimate Chrome Extensions and injects a specific piece of malicious code into them, which even bypasses Google’s extension validation and security checks.
Even worse, NigelThorn makes use of the Chrome Extensions in order to start maliciously mining for cryptocurrencies, which include the likes of Monero, Bytecoin, and Electroneum. In just less than one week, approximately $1,000 in cryptocurrencies, mostly Monero, was mined.
If an end user tries to uninstall any of these particular Chrome Extensions, the tab will close automatically, thus making it that much more difficult to remove NigelThorn. Even worse, NigelThorn also disables the clean-up tools that are offered by Facebook and Google.
The following are seven Chrome Extensions which have been affected by NigelThorn:
- Divinity 2 Original Sin: Wiki Skill Popup
It is important to note that Google has removed all of the above-mentioned Chrome Extensions from its store. They also advise changing your Facebook and Instagram passwords on a regular basis (YUKKK – in this case, get a Password Manager). What can you do to stay safe? It just comes down to trusting your gut – if a link in a pop up from a Chrome Extension simply does not look or feel right, then DON’T CLICK ON IT!!!