Stumbled upon a malicious Facebook ad. The add promises a funny quiz and links to hallo-quiz [dot] com. That site will then redirect you to fimepobala [dot] com which shows the supposed quiz (only visible with the correct referrer).

It will then claim that you need a browser extension called "Soziale-Inhalt" for the quiz (yes, broken German, the developers seem to be French). The surprising part: the extension seems to do exactly what it claims to do, namely showing user profile when hovering a Twitter link.

Follow

I can only assume that the point is getting as many users as possible, then releasing a malicious update. On Chrome (more complicated installation) the extension has 12k users, for Firefox it's impossible to see the numbers.

Facebook has been notified and promptly responded that no policy violation has been found. I guess that Google and Mozilla won't act either, at least as long as the extension isn't malicious.

@WPalant What would be ideal? Perhaps a flag on the extension such that all updates must first have their diff reviewed by Google/Mozilla before being released to the public?

@varx There are enough indicators of shady behavior for Facebook to take this down. Of course, only if somebody takes time to look properly - something that Facebook employees usually cannot do.

On Twitter people cc'ed @robleathern@twitter.com who escalated this issue, so Facebook might still do something about this.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.