beware-widspreading-facebook-comment-tagging-virus-top

Our friends over at HackRead have been tipped about a new Facebook post tagging scam that uses a Google Chrome app to attempt to steal your login credentials.

According to their report:

It begins with a notification on Facebook that a friend of yours has tagged you (potential victim) in a post. The post is actually a video that uses victim’s profile pic as its thumbnail which is quite a shocker for everyone seeing their picture on an unknown video and likely tempt them to click on the video post.

However, truth is far from reality, the tagged victim is tagged is not a video neither photo file; it is rather a link to a malicious website which looks like Facebook and once victims click the link they are taken to that malicious site whose address is “u1dmofz3.todayonlynews (dot) com” and several others. Once on this domain, the victims are redirected to yet another domain “bebetter500 (dot) com” where the actual scam is hosted.

Once on the BeBetter500 website, victims can see a fake yet authentic-looking Facebook page asking them to view a video but in order to do so, they have to install a chrome extension labeled as Ozuji.

As you can see from the image below, the fake Facebook site looks like the real one, it even shows comment notifications.

dangerous-facebook-post-tagging-virus-spreading-like-wildfire-768x505

Google has removed the Ozuji extension from the Chrome Store, but there could be other malicious extensions to keep this scam going.

Most of the users targeted by this scam were Israeli, but it has been spreading quickly. Assuming there are more malicious extensions in the Chrome Store, it could easily spread to more users.

If you’ve been tagged in something similar, then one of your friends has fallen victim to this scam.