Malicious Chrome Extensions in the Official Chrome Store Are Being Used to Hijack Facebook Accounts

This is dirty. Hackers are uploading malicious Chrome extensions to the official Google Chrome Web Store in hopes of tricking people to download them. Once downloaded, the extensions have the ability to completely hijack Facebook accounts.

Even worse, those malicious Facebook-jacking extensions are advertised on Facebook! The ads claim that it's possible to change the color of your Facebook profile page, track profile pages and presumably add unicorns and vajazzling to it too. Of course, some unsuspecting tween might fall for it, get re-directed to the official Chrome Web Store page and assume all extensions are safe because they're on the official Google page. Unfortunately, they're not. The extension will hijack your Facebook account, spam your friends about this new extension and then Like pages without you knowing. It's a dirty process done by people who sell Likes to companies.

So next time you're downloading a Chrome extension, be wary. One of the dirty extensions was actually labeled Adobe Flash Player too, so you have to double and triple check everything you put onto your browser. [Secure List via Computer World]