

This allowed cybercriminals to gain a comprehensive understanding of a user's online presence and use this information for malicious purposes.Ĭybersecurity experts have warned users to be vigilant when downloading Chrome extensions and to only download extensions from reputable sources. In addition to hijacking login details, it was also able to gain access to consumers' Facebook messages, photos, and personal information. Once the user documented their login data, the phishing page would then transmit the information back to the cybercriminals, allowing them to log in to the consumers' Facebook accounts.

The extension was able to do this by embedding vicious code within the extension itself.Īccording to the investigators, the extension was able to gain access to users' Facebook accounts by using a phishing interface that looked identical to the Facebook login interface. It was also designed to collect browsing data and history, allowing cybercriminals to track consumers' online activities and target them with personalized ads or hijacking attacks.
