Latest Facebook scam is spreading like wildfire and it uses a Chrome app to steal login credentials — So watch out.

Facebook is the most used social media platform around the world with 1.65 billion users and that’s what makes it a lucrative target for crooks, hackers and online scammers. Today, HackRead got to know about a dangerous scam spreading on Facebook like wildfire, thanks to Assaf Megidash for the alert.

It begins with a notification on Facebook that a friend of yours has tagged you (potential victim) in a post. The post is actually a video that uses victim’s profile pic as its thumbnail which is quite a shocker for everyone seeing their picture on an unknown video and likely tempt them to click on the video post.

Must Read: Facebook ‘Comment Tagging Malware’ Spreading via Google Chrome
dangerous-facebook-post-tagging-virus-spreading-like-wildfire-3-sides
Screenshot shows a user has tagged their friend on a video with their profile picture

However, truth is far from reality, the tagged victim is tagged is not a video neither photo file; it is rather a link to a malicious website which looks like Facebook and once victims click the link they are taken to that malicious site whose address is “u1dmofz3.todayonlynews (dot) com” and several others. Once on this domain, the victims are redirected to yet another domain “bebetter500 (dot) com” where the actual scam is hosted.

The chrome extension can read your browser history and change the data on sites you visit

Once on the BeBetter500 website, victims can see a fake yet authentic-looking Facebook page asking them to view a video but in order to do so, they have to install a chrome extension labeled as Ozuji. As mentioned above, the page looks real and it also shows several comments from authentic Facebook users which can trick victims into installing that chrome extension. The extension can read your browser history and change the data on sites you visit. That can include changing of your financial details or Facebook login credentials.

dangerous-facebook-post-tagging-virus-spreading-like-wildfire
An exclusive screenshot from the scam site

The description on the extension page is “Ozuji blue ipugo nuva ufiso ayivez,” which is in Cebuano language, an Austronesian regional language spoken in the Philippines. This indicates that the scammers may be from the Philippines. Upon adding the extensions it was noticed that no software was downloaded to our device. However, a Facebook profile made specifically for our test showed that ten friends were instantly tagged that means the extension was quick to gain control of our test profile.

dangerous-facebook-post-tagging-virus-spreading-like-wildfire-2

Read: Facebook Phishing Scam Using Pornographic Images to Steal Login Data

The good news is that at the time of publishing we noticed that Google has removed the Ozuji extension from its chrome store. However, it is unclear if there are more extensions on the store – serving the same scam.

screen-shot-2016-09-13-at-2-06-26-pm
Ozuji extension has been deleted by Google however it’s still showing on Google search results

The users most targeted by this scam were Israeli, but the Internet has no borders and you may soon become the next victim of this scam. That is if there are extensions other than the now removed Ozuji.

If you have received a notification such as this, it simply means that your friend has fallen victim to this particular scam.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.