This threat is installed as an add-on for Chrome and Mozilla Firefox internet browsers. It does not affect Internet Explorer.
can be installed by the malware TrojanDropper:Win32/Febipos.A.
Once installed the trojan will check for, download, and install an updated copy of itself from the following URLs:
It will then attempt to read a configuration file that tells the trojan what actions to perform. This file might be one of the following:
The file has a list of commands for what the trojan can do in your Facebook account, including:
- Liking a page
- Sharing a post
- Posting messages
- Joining a group
- Inviting your friends to a group
- Sending messages and links via chat
- Commenting on posts
The content of these posts change regularly and can include links to Facebook pages or external websites.
The blog post Browser extension hijacks Facebook profiles has more information about this threat.
Analysis by Jonathan San Jose.
Alert notifications from your antivirus software may be the only symptoms of this threat.
You may find you have liked or shared Facebook content without your consent.