According to the research of Adi Raff and Yuval Shapira, the malware infects users by abusing a Google Chrome extension, the Nigelify application. Hence the malware has been dubbed Nigelthorn.
The malware has been known since March 2018. Malicious actors have socially engineered links on Facebook so that when users click on the link, they are redirected to a fake YouTube page. Rather than watching the video they expect to see, they are asked to install the dubious extension.
The extension then executes a malicious JavaScript code, turning the victim’s computer into part of a botnet. The Hacker News reported that the malware has infected more than 100,000 users with a malicious browser extension that performs credential theft, crypto-mining, click fraud and more.
Read entire article Chrome Extension Malware Targets Facebook | InfoSecurity | Kacy Zurkus