"A Man Jumped on the Mall" Facebook Scam

Browser Extensions and Facebook Profile Viewers

We recently saw a website – thousandssa(dot)pw – offering up a Facebook Profile Visitor browser extension:

Facebook profile visitor

Profile views

* Instantly see who is viewing your profile

* Check how many photo views you have

* It’s completely free”

Long time readers will know anything related to profile views on social networks will set alarm bells ringing, because there is usually no way to track who is on your page or what they’re looking at. More often than not you’ll be walking into a survey scam or an unwanted install.

Visiting the above page in FireFox offered us an .XPI browser extension file which was offline at time of writing. Taking a look at the source code, we see mention of the (currently offline) .XPI, and also reference to a URL – quizeer(dot)com – which offers up fake “who is watching your Facebook profile” content most commonly found in Facebook survey scams. Here’s the source code:

Source code

Here’s the Quizeer page – complete with survey questions:

Surveys and viewers

The above “Facebook profile viewer” page, complete with “3 other people are currently watching your profile” message, is a work of fiction. Whoever set this up just wants you to click a survey link and fill it in / sign up to ringtones / install software / whatever happens to be available at the time to make themselves some money.

Following the Chrome store link in the source code, we can see thousandssa(dot)pw listed as the homepage for a Chrome extension called “Pro Visitor” which is rather thin on the ground in terms of information given, but despite that there’s a good 47,400 people who have downloaded it so far.

Chrome extension

 

Installing

We’re still taking a look to see what it does, but the permission message may not mean very much – many applications and extensions require this level of access to function, and really close scrutiny is typically reserved for “High Alert” permissions such as “All data on your computer and the websites you visit”.

Even so, you may wish to give all of the above a miss – there’s little to be gained from installing an extension with a noticeable lack of information on the store page, and anything involving Facebook profile views in general should be treated with a healthy sense of skepticism.

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.