FB Stealer Will Steal your Facebook Credentials
Securelist researchers published a detailed look into some of the most notorious browser hijackers and malicious browser extensions encountered by computer users in 2022 so far. One of the intriguing entries on that list was FB Stealer, an extension that combines traditional browser hijacker behavior with the ability to steal Facebook login credentials.
FB Stealer masquerades as an extension that shows up as "Google Translate" in your browser. Of course, it has nothing to do with the legitimate Google Translate platform.
FB Stealer is commonly delivered by a Trojan named "NullMixer". The most likely way to encounter NullMixer in the first place is fishing around the web for "cracks" for paid software or computer games.
The FB Stealer extension modifies the browser's default search engine, swapping it out for ctcodeinfo dot com. The extension can also extract Facebook login session cookies, which are then sent to a server. Using the data inside the cookies, bad actors can log into the compromised account and take it over, changing the password.
The possibilities for fraud, impersonation and other foul play, once an account has been hijacked, are nearly limitless, which makes FB Stealer a much more serious threat than most garden-variety browser hijackers.
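To illustrate how a defender might check for the two behaviours described above (an extension presenting itself as "Google Translate" and the default search engine switched to ctcodeinfo dot com), here is an added example that audits a parsed browser preferences file; it is not code from Securelist or from the original article. The JSON layout it reads is an assumption modelled on Chromium-style preference files, and the extension ids and sample profiles are constructed placeholders.

```python
import json
import sys
from urllib.parse import urlsplit

# Indicators from the article; the domain stays defanged in source and is rebuilt here.
HIJACK_DOMAIN = "ctcodeinfo dot com".replace(" dot ", ".")
SPOOFED_NAME = "google translate"

def host_matches(url, domain):
    """True when the URL's host is the domain itself or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def audit_profile(prefs):
    """Return (finding, detail) tuples for one parsed preferences dict.

    Assumed layout: extensions.settings.<id>.{manifest.name, from_webstore}
    and default_search_provider_data.template_url_data.url.
    """
    findings = []
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        name = ext.get("manifest", {}).get("name", "").strip().lower()
        if name == SPOOFED_NAME and not ext.get("from_webstore", False):
            findings.append(("translate-lookalike-not-from-store", ext_id))
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if host_matches(search.get("url", ""), HIJACK_DOMAIN):
        findings.append(("search-engine-hijack", search["url"]))
    return findings

def _sample(ext_id, from_store, search_host):
    """Build a constructed preferences dict; ids are placeholders, not real IoCs."""
    return {
        "extensions": {"settings": {ext_id: {
            "from_webstore": from_store, "manifest": {"name": "Google Translate"}}}},
        "default_search_provider_data": {"template_url_data": {
            "url": "https://" + search_host + "/search?q={searchTerms}"}},
    }

INFECTED = _sample("placeholder-ext-id-0001", False, HIJACK_DOMAIN)
CLEAN = _sample("placeholder-ext-id-0002", True, "search.example")

if __name__ == "__main__":
    for path in sys.argv[1:]:  # audit preference files given on the command line
        with open(path, encoding="utf-8") as fh:
            print(path, audit_profile(json.load(fh)))
    if len(sys.argv) == 1:  # no arguments: run the constructed samples
        print("infected:", audit_profile(INFECTED))
        print("clean:", audit_profile(CLEAN))
```

A hit is a triage signal rather than a verdict, since the name and store-origin check is only a heuristic.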