Security experts have uncovered a new scheme where hackers are using fake browser extensions to steal Facebook Business and Ads accounts. The campaign, discovered by the cybersecurity firm Bitdefender, targets users with promises of a verified blue checkmark.

The alleged malicious extension is called “SocialMetrics Pro.” Hackers are promoting it through at least 37 online ads and fake websites. These sites feature video tutorials, spoken in Vietnamese, that claim to guide users on how to get verified on Facebook and Instagram.

Instead of providing a real service, the extension is reportedly malware. Once installed, it steals sensitive information from the victim’s browser. This includes their IP address and Facebook session cookies, which are the digital keys that keep a user logged into their account.

The stolen data is then sent directly to the hackers through a Telegram messaging bot. In some cases, the malware was also seen gathering more detailed account information using Facebook’s own systems.

According to Bitdefender, the malware files are secretly hosted on Box, which is a legitimate and trusted cloud storage service. The use of such a normal website helps the hackers avoid detection.
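For defenders, the behaviour described above (cookie access, reach into Facebook, and a Telegram bot as the drop point) can be turned into a triage check over unpacked extension directories. The script below is an added example, not code from Bitdefender or from the extension. Its heuristics, function names and sample manifests are assumptions constructed for illustration, and it flags only the combination of all three traits.

```python
import json
import re
import tempfile
from pathlib import Path

# Heuristics are assumptions for triage, not indicators published by Bitdefender.
TELEGRAM_RE = re.compile(r"api\.telegram\.org/bot", re.I)
FACEBOOK_RE = re.compile(r"(^|[/.*])facebook\.com", re.I)
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extension(ext_dir):
    """Return triage findings for one unpacked extension directory."""
    ext_dir = Path(ext_dir)
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V3 lists host patterns separately; V2 mixes them into "permissions".
    hosts = perms + list(manifest.get("host_permissions", []))
    findings = []
    if "cookies" in perms:
        findings.append("cookies-permission")
    if any(h in ALL_SITES or FACEBOOK_RE.search(h) for h in hosts):
        findings.append("facebook-host-access")
    for js in sorted(ext_dir.rglob("*.js")):
        if TELEGRAM_RE.search(js.read_text(encoding="utf-8", errors="ignore")):
            findings.append("telegram-endpoint:" + js.relative_to(ext_dir).as_posix())
    return findings

def is_suspicious(findings):
    """Flag only the combination: cookie access + Facebook reach + Telegram endpoint."""
    kinds = {f.split(":", 1)[0] for f in findings}
    return {"cookies-permission", "facebook-host-access", "telegram-endpoint"} <= kinds

def make_sample(root, name, manifest, js_source):
    """Write a constructed extension directory used only to exercise the audit."""
    ext = Path(root) / name
    ext.mkdir(parents=True)
    (ext / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (ext / "background.js").write_text(js_source, encoding="utf-8")
    return ext

# Constructed samples: inert strings, no real token or extension ID.
BAD_MANIFEST = {"manifest_version": 3, "name": "sample-flagged",
                "permissions": ["cookies"], "host_permissions": ["*://*.facebook.com/*"]}
BAD_JS = 'const ENDPOINT = "https://api.telegram.org/bot<PLACEHOLDER>/sendMessage";'
OK_MANIFEST = {"manifest_version": 3, "name": "sample-benign", "permissions": ["storage"]}
OK_JS = 'console.log("hello");'

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, m, js in [("bad", BAD_MANIFEST, BAD_JS), ("ok", OK_MANIFEST, OK_JS)]:
            found = audit_extension(make_sample(tmp, name, m, js))
            print(name, is_suspicious(found), found)
```

A hit is a reason to review the extension by hand, not proof of compromise: legitimate extensions can request cookie access or talk to Telegram, which is why the check requires all three traits together.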

The researchers strongly believe the hackers are Vietnamese-speaking, based on the language used in the tutorial videos. The end goal appears to be financial gain. The attackers are likely selling access to the hijacked accounts on underground internet forums.

There is a high demand for such stolen accounts. Cybercriminals use established business accounts with good advertising records to run their own malicious ads. Because these accounts appear trustworthy, they can bypass Meta’s strict screening processes, allowing scammers to spread malware to a much larger audience.

Bitdefender notes this is part of a larger trend where attackers have industrialized their operations. By using automated systems and trusted platforms, they can quickly create and distribute large-scale malicious advertising campaigns.
