According to the research of Adi Raff and Yuval Shapira, the malware infects users by abusing a Google Chrome extension, the Nigelify application. Hence the malware has been dubbed Nigelthorn.
The malware has been known since March 2018. Malicious actors have socially engineered links on Facebook so that when users click on the link, they are redirected to a fake YouTube page. Rather than watching the video they expect to see, they are asked to install the dubious extension.
Read entire article Chrome Extension Malware Targets Facebook | InfoSecurity | Kacy Zurkus