Cybersecurity researchers have uncovered a new phishing campaign involving fake Chrome extensions named Madgicx Plus and SocialMetrics Pro. These malicious extensions are designed to steal Facebook credentials from unsuspecting users by mimicking legitimate marketing tools. Once installed, the extensions intercept login details and send them to threat actors, potentially compromising user accounts and data.
The attack highlights the growing trend of cybercriminals exploiting popular digital marketing tools to target social media users. The fake extensions were distributed through deceptive websites and phishing emails, tricking users into installing them under the guise of enhancing their Facebook marketing capabilities.
This campaign underscores the importance of verifying the authenticity of browser extensions and being cautious about the sources from which they are downloaded. Users are advised to only install extensions from official stores and to regularly review their browser extensions for any suspicious activity.
Security experts recommend enabling multi-factor authentication (MFA) on social media accounts to add an extra layer of protection against credential theft. Additionally, keeping software and browsers updated can help mitigate vulnerabilities exploited by such malicious extensions.
Organizations and individuals alike should remain vigilant against these evolving threats by educating themselves on phishing tactics and employing robust cybersecurity practices. Monitoring for unusual account activity and promptly reporting suspicious extensions can help prevent the spread of these credential-stealing tools.
This Cyber News was published on thehackernews.com. Publication date: Fri, 12 Sep 2025 01:14:06 +0000