A new trojan affecting Facebook users from Brazil, is hijacking accounts while appearing to be a legitimate Google Chrome and Firefox extension.
The trojan JS/Febipos .A is a malware first detected in Brazil which masquerades as a legitimate browser extension while attempting to sabotage your Facebook account. Much like a real Firefox or Chrome extension, the bug will attempt to keep itself updated, and once it detects that you're logged into Facebook, it can perform a variety of actions.
The trojan will download a config file for the browser extension that allows it to like a page, share, post, join groups and chat with the user's friends. Some varieties of the trojan will post provocative messages or link to other Facebook pages. During Microsoft's investigation, the likes and shares on one such pages grew, meaning the bug is most likely still spreading.
Microsoft has not indicated how the trojan spreads, but has stated that while currently targeting Portuguese speakers, such as those in Brazil, it could easily be modified to focus on users in other regions: "There may be more to this threat because it can change its messages, URLs, Facebook pages and other activity at any time. In any case, we recommend you always keep your security products updated with the latest definitions to help avoid infection.”