A Facebook user by the name of Philippe Harewood on Wednesday spotted a rather interesting scam that leverages Facebook, Tumblr, and Google Chrome to spy on its victims. The privacy-violating campaign was later detailed further by security firm Webroot.
The whole campaign relies on Facebook users wanting to change the theme of the site to another color, such as red. It can, of course, be adjusted to target other users as well.
Harewood explains how it works. A Facebook user is invited to a fake event on the social network. He or she then clicks on a Tumblr link, which redirects to another page (typically hosted on Amazon Web Services) that prompts the user to install a Chrome extension.
As Webroot notes, the real danger is the malicious Chrome extension, which, once installed, has access to all your data on all websites, as well as access to your tabs and browsing history. The Facebook event and Tumblr links are merely used to trick users into thinking the extension will do what they want; all the URLs in question look legitimate since they are hosted on the aforementioned sites.
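To check which installed extensions hold the combination of access described above, the following added example (not from Harewood, Webroot, or the original article) reads each extension's `manifest.json` and flags those that request every site plus tabs or history. It assumes the standard Chrome manifest permission names and the `Extensions/<id>/<version>/manifest.json` layout inside a Chrome profile; the sample manifests are constructed and are not the scam extension's actual manifest.

```python
import json
from pathlib import Path

# Match patterns that cover every site ("all your data on all websites").
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that expose open tabs and browsing history.
BROWSING = {"tabs", "history", "webNavigation"}

def risky_grants(manifest_text):
    """Report the broad grants requested by a single manifest.json."""
    manifest = json.loads(manifest_text)
    requested = set()
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts gain page access through "matches" alone.
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    return {
        "name": manifest.get("name", "?"),
        "all_sites": sorted(requested & ALL_SITES),
        "browsing": sorted(requested & BROWSING),
    }

def audit_profile(extensions_dir):
    """Return (extension_id, findings) for extensions holding both kinds of access."""
    flagged = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            result = risky_grants(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if result["all_sites"] and result["browsing"]:
            flagged.append((path.parts[-3], result))
    return flagged

# Constructed sample manifests for illustration only.
SAMPLE_BROAD = ('{"name": "Color Changer (constructed)", "manifest_version": 2, '
                '"permissions": ["tabs", "history", "http://*/*", "https://*/*"]}')
SAMPLE_NARROW = ('{"name": "Narrow (constructed)", "manifest_version": 3, '
                 '"permissions": ["storage"], '
                 '"host_permissions": ["https://example.com/*"], '
                 '"content_scripts": [{"matches": ["https://example.com/*"]}]}')

if __name__ == "__main__":
    for sample in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(risky_grants(sample))
```

Point `audit_profile` at the `Extensions` directory of a Chrome profile to review everything installed there.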
Here’s the page that entices users into changing their Facebook color theme:
Image credit: Chris Chidsey
Disclaimer: The views and opinions expressed in this article are those of The Next Web and do not necessarily reflect the views and opinions of DD Tech Solutions. This article is provided to you by The Next Web for your convenience only.