Just received this wild Facebook post that suddenly tagged me for unknown reason. Its look like a community page that received 87 million user 'Like' on it. That's something fishy to me.
This look suspicious to me when the provided URL is unreadable to me. Obviously it is in unicode character or IDN. It's Armenian language there (ask Google translate or Wikipedia).
Well, lets check it out whats so special about this FB post. Once you click on that weird URL you will be redirected to the fastotolike.com. The website looks like some kind of 'auto-like' or click jacking script.
Looking at the source code you will find there is Turkish language hoping that user will click the 'Add' button.
It's look like the app is available at Google Web Store and disguise as 'Business Flash Player !' With no description and no screenshot, definitely looks fishy. See image below:
If you try to install it you will see your extension appear in the Chrome Extensions list.
Lets take a look on installed extension source code. There is two link which is one of it will be redirect to malicious website. See image below:
The redirect URL will be go to the http://fastotolike.com/yeni.php which is some how reveal its long line comment source code. So, for this test I just uncomment the js code and make it beautiful.
This script is look like responsible to post a spam to the victim user Facebook wall. The post appear to be submit along with picture of random girl dancing on Youtube.