“In the new technique, which we call it ‘Magnet,’ the malware gets more visibility to potential victims by tagging the friends of the victim in the malicious post,” said Mohammad Faghani, a senior consultant at PricewaterhouseCoopers, in a mailing list post to the Full Disclosure infosec hangout.
“A tag may be seen by friends of the victim’s friends as well, which leads to a larger number of potential victims. This will speed up the malware propagation.”
In a statement, Facebook said, “We use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we’re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites.”