The French government issued a formal warning last week after the number of Facebook spam infections increased significantly.
In this particular spamming campaign the victims receive a message from one of their Facebook friends, asking them if they are the person in a video. The message also contains a link to a YouTube video uploaded online.
The people behind the malicious campaign are not amateurs, having created the message using both the receiver’s name and photo for the spam link’s preview.
Once the victims follow the link to the video they are asked to install a Chrome browser extension to be able to watch it. But, in the extension, is hidden the Eko malware.
Reports from the French local media, including the Le Monde newspaper, reveal that the extension goes under different names and injects ads to the webpages the victims visit. More importantly, it is also able to steal data such as browser history and passwords.
The malicious messages are currently being scanned and blocked by Facebook. On October 4th, the Interior Ministry of France used its Facebook page to warn users not to follow these links.
Users who have already clicked on the link are strongly recommended to search their browsers` settings and remove the malicious extension. The authorities suspect that users of other browsers may have been infected as well.
For the moment, there is no evidence of the rogue spamming campaign to be targeting another country other than France.