Fake Meta Verified and Madgicx Plus Extensions Exploit Meta Business Accounts

First reported

11.09.2025 12:05

Last updated

📰 1 unique sources, 1 articles

Summary

Hide ▲

Cybersecurity researchers have identified two campaigns distributing fake browser extensions to steal Meta Business and Ads accounts. The first campaign uses malvertising to push fake 'Meta Verified' extensions that steal session cookies and interact with the Facebook Graph API. The second campaign targets Meta advertisers with rogue Chrome extensions disguised as AI-powered ad optimization tools. The extensions, available on the Chrome Web Store, steal credentials and session tokens, enabling account takeovers. The campaigns are linked to Vietnamese-speaking threat actors and aim to sell hijacked accounts on underground forums or repurpose them for further malvertising. The fake extensions have been observed collecting session cookies, IP addresses, and interacting with the Facebook Graph API to gather additional account information. The end goal is to hijack valuable Meta Business and Ads accounts for profit.

Timeline

11.09.2025 12:05 📰 1 articles

Fake Meta Verified and Madgicx Plus Extensions Exploit Meta Business Accounts
Cybersecurity researchers have identified two campaigns distributing fake browser extensions to steal Meta Business and Ads accounts. The first campaign uses malvertising to push fake 'Meta Verified' extensions that steal session cookies and interact with the Facebook Graph API. The second campaign targets Meta advertisers with rogue Chrome extensions disguised as AI-powered ad optimization tools. The extensions, available on the Chrome Web Store, steal credentials and session tokens, enabling account takeovers. The campaigns are linked to Vietnamese-speaking threat actors and aim to sell hijacked accounts on underground forums or repurpose them for further malvertising.
Show sources

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
Open in new tab

Information Snippets

Fake 'Meta Verified' browser extensions are distributed via malicious ads and fake websites.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
At least 37 malicious ads have been observed serving the fake SocialMetrics Pro extension.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
The fake extensions steal session cookies and send them to a Telegram bot controlled by the attackers.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
The extensions obtain the victim's IP address by querying ipinfo[.]io/json.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
The stolen cookies are used to interact with the Facebook Graph API to fetch additional account information.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
The campaigns are linked to Vietnamese-speaking threat actors known for targeting Facebook accounts.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
The fake extensions are promoted as productivity or ad performance enhancers but operate as dual-purpose malware.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
The extensions gain full access to all websites the user visits, enabling threat actors to inject scripts and intercept network traffic.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
The extensions prompt users to link their Facebook and Google accounts, covertly harvesting identity information.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05
The campaigns aim to sell hijacked Meta Business and Ads accounts on underground forums or repurpose them for further malvertising.
First reported: 11.09.2025 12:05

📰 1 source, 1 article
Show sources
- Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts — thehackernews.com — 11.09.2025 12:05