Multiple reports regarding this threat was first discovered in Brazil. Microsoft detect it as Trojan:JS/Febipos.A. The malware is a malicious browser extension specifically targeting Chrome and Mozilla Firefox as reported by Microsoft Malware Protection Center.
As per Microsoft reports :
When installed, it attempts to update itself using the following URLs:
Chrome browser:
du-pont.info/updates/<removed>/BL-chromebrasil.crx
Mozilla Firefox browser:
du-pont.info/updates/<removed>/BL-mozillabrasil.xpi
Note: Updated versions of this threat have been verified and are still detected as Trojan:JS/Febipos.A.
To begin with, this Trojan monitors a user to see if they are currently logged-in to Facebook. It then attempts to get a configuration file from the website <removed>.info/sqlvarbr.php. The file includes a list of commands of what the browser extension will do.
Depending on the file, this malware can do any of the following in the Facebook profile of an infected system:
- Like a page
- Share
- Post
- Join a group
- Invite friends to a group
- Chat to friends
- Comment on a post
More Information can be seen on technet : http://blogs.technet.com/b/mmpc/archive/2013/05/10/browser-extension-hijacks-facebook-profiles.aspx
