Over 500K VKontakte accounts hijacked through malicious Chrome extensions

Source: The Record

Cybersecurity researchers have uncovered a malware campaign that reportedly hijacked half a million accounts on VKontakte — Russia’s most popular social network — through Google Chrome browser extensions disguised as customization tools. In a report published last week, researchers at Koi Security said they identified a network of five Chrome extensions marketed as tools to change themes and enhance the VK user experience. The extensions took control of infected accounts and manipulated settings without users’ consent. The extensions could automatically subscribe victims to attacker-controlled groups, reset personal settings every 30 days, and exploit weaknesses in VK’s security protections to carry out unauthorized actions. Full Story