Stumbled upon a malicious Facebook ad. The add promises a funny quiz and links to hallo-quiz [dot] com. That site will then redirect you to fimepobala [dot] com which shows the supposed quiz (only visible with the correct referrer). #infosec
It will then claim that you need a browser extension called "Soziale-Inhalt" for the quiz (yes, broken German, the developers seem to be French). The surprising part: the extension seems to do exactly what it claims to do, namely showing user profile when hovering a Twitter link.
Facebook has been notified and promptly responded that no policy violation has been found. I guess that Google and Mozilla won't act either, at least as long as the extension isn't malicious.
@WPalant What would be ideal? Perhaps a flag on the extension such that all updates must first have their diff reviewed by Google/Mozilla before being released to the public?
@varx There are enough indicators of shady behavior for Facebook to take this down. Of course, only if somebody takes time to look properly - something that Facebook employees usually cannot do.
On Twitter people cc'ed @email@example.com who escalated this issue, so Facebook might still do something about this.
A Mastodon instance for info/cyber security-minded people.