- Facebook is filing a lawsuit against the makers of four Chrome extensions that installed code on users’ computers designed to scrape private information.
- The company behind the following extensions goes by Oink and Stuff: Web for Instagram plus DM, Blue Messenger, Emoji keyboard, and Green Messenger.
- If you downloaded any of the extensions above, delete them as soon as possible.
Chrome is the most popular browser on the planet by a wide margin, but thanks to third-party extensions, the Chrome browser on your computer probably doesn’t look anything like the one on your neighbor’s computer. Personalization is one of the many features that Google’s browser offers, but the problem with the Chrome Web Store — which is where all of the themes and extensions are made available — is that it isn’t nearly secure enough.
An insightful piece from CPO Magazine last month discussed the strides that Google has made in keeping users safe from malicious extensions, but some still sneak through the cracks. Facebook actually made users aware of four such extensions last week by filing a lawsuit against a Portugal business called Oink and Stuff for distributing extensions it claims “were malicious and contained hidden computer code that functioned like spyware.”
These are the extensions Facebook cited in its blog post, so delete them immediately if you have them installed:
- Web for Instagram plus DM
- Blue Messenger
- Emoji keyboard
- Green Messenger
It’s unclear how many users actually installed any of these extensions, but the apps in question appear to have been removed from the Google Web Store. Still, the developer Oink and Stuff continues to offer extensions on the store, all of which we recommend you avoid. Here’s what Facebook had to say about the extensions:
When people installed these extensions on their browsers, they were installing concealed code designed to scrape their information from the Facebook website, but also information from the users’ browsers unrelated to Facebook — all without their knowledge. If the user visited the Facebook website, the browser extensions were programmed to scrape their name, user ID, gender, relationship status, age group and other information related to their account. The defendants did not compromise Facebook’s security systems. Instead, they used the extensions on the users’ devices to collect information.
This is just the latest of countless warnings Chrome users have received about potential dangerous extensions in recent months. Google might be doing its very best to weed out the troublesome software, but hackers are going to continue to find ways around Google’s security for as long as Google continues to put up walls to stop them. In case you need to hear this again, only download software from trusted sources, and even then, don’t mindlessly download something just because it’s available on a virtual storefront that you’ve used before.