Monday, 26 March 2012
Companies that wish to increase their visibility by promoting their profiles can pay individuals or groups to click the Like button using multiple accounts.
The particularly sinister part to this story is that the criminals don't set up lots of their own accounts. They have found it more efficient to take over victims' accounts and abuse those instead.
In a post on Kaspersky Labs' blog, which actually focusses on a security issue with Google Chrome extensions, Fabio Assolini notes that an extension called Trojan.JS.Agent.bxo is hosted on the official Google Chrome Web Store.
The malicious extension gains control of the victim's Facebook profile. Among other features, including the inevitable ability to spread itself, "the script also has commands to use the profile of the victim to 'Like' some pages."
The reason for this ability is to make money. Fabio includes a screenshot from a website that clearly offers a Likes-for-cash service.