Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook’s website and from users’ systems without authorization.
The two defendants developed and distributed the malicious browser extensions through the Chrome Web Store working under the “Oink and Stuff” business name.
“Four of their extensions — Web for Instagram plus DM, Blue Messenger, Emoji keyboard, and Green Messenger — were malicious and contained hidden computer code that functioned like spyware.”
The four extensions are still available for download in Google’s Chrome Web Store and they currently have more than 54,000 users.
Facebook systems’ not compromised
After being installed on the users’ computers, these Chrome extensions also installed malicious code in the background which allowed the defendants to scrape user data from Facebook’s site.
The malicious Chrome add-ons were also used to surreptitiously collect data unrelated to Facebook from the users’ web browsers.
While the users were browsing the Facebook website, the extensions automatically scraped account information including the victims’ name, user ID, gender, relationship status, and age group among others.
Romero added that the defendants did not compromise Facebook’s security systems during their malicious activity but, instead, they only used the extensions installed on users’ devices to scrape data.
“We are seeking a permanent injunction against defendants and demanding that they delete all Facebook data in their possession,” Romero concluded.
“This case is the result of our ongoing international efforts to detect and enforce against those who scrape Facebook users’ data, including those who use browser extensions to compromise people’s browsers.”
Legal action against platform abuse
This action is part of a long series of instances where Facebook took legal action against entities attempting to abuse the company’s platform and services.