The attackers infected more than 100 thousand computers that are running extensions for the Google Chrome browser, which was available in the official Chrome Web store. This is reported by security experts at Radware company blog.
According to the researchers, the malware has intensified in March this year. Its found in seven different extensions. Links spread through Facebook that the victim went to a fake YouTube page where they offered to install additional programs. Immediately after installing the extension, run malicious scripts and turn the computer into part of a botnet.
This botnet stole data from Facebook and Instagram, and then used the information to send the same links to friends of the victim. In addition, the computers of infected users had installed a program-cryptobinary.
Experts said that at present all the dangerous extensions have been removed from the Google Web Store. They also disappeared from the browsers of infected users.