Meta Business account hijacking alert

Researchers have uncovered two malicious campaigns distributing fake browser extensions, SocialMetrics Pro and Madgicx Plus, that hijack Meta Business accounts. These extensions, promoted via malvertising and fake websites, claim to unlock Facebook and Instagram verification badges or boost ad performance but instead steal session cookies and credentials.


SocialMetrics Pro collects Facebook session cookies and IP addresses, using them to access account data via the Facebook Graph API. Madgicx Plus and related extensions, available on the Chrome Web Store, gain full access to users’ browsing, intercept data, and harvest Google and Facebook credentials to hijack business accounts.
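A defender's check for the kind of access described above, as an added example that is not code from the researchers or the original page: it audits an extension's `manifest.json` for cookie, request, or in-page access to Facebook and Instagram. The finding codes and sample manifests are constructed for illustration.

```python
import json

# Hosts whose session cookies give access to Meta Business accounts.
META_HOSTS = ("facebook.com", "instagram.com")


def covers_meta(pattern):
    """True if a Chrome match pattern applies to Facebook or Instagram."""
    if pattern == "<all_urls>":
        return True
    host = pattern.split("://", 1)[-1].split("/", 1)[0]
    if host == "*":                      # e.g. *://*/* or https://*/*
        return True
    host = host[2:] if host.startswith("*.") else host
    return any(host == h or host.endswith("." + h) for h in META_HOSTS)


def audit(manifest_text):
    """Return a list of finding codes for one manifest.json (MV2 or MV3)."""
    m = json.loads(manifest_text)
    perms = [p for p in m.get("permissions", []) if isinstance(p, str)]
    # MV3 lists hosts separately; MV2 mixes match patterns into "permissions".
    granted = list(m.get("host_permissions", []))
    granted += [p for p in perms if "://" in p or p == "<all_urls>"]
    injected = [p for cs in m.get("content_scripts", []) for p in cs.get("matches", [])]

    host_access = any(covers_meta(p) for p in granted)
    findings = []
    if host_access and "cookies" in perms:
        findings.append("cookies-api-on-meta")       # can read session cookies
    if host_access and "webRequest" in perms:
        findings.append("webrequest-on-meta")        # can observe requests
    if any(covers_meta(p) for p in injected):
        findings.append("content-script-on-meta")    # code runs inside the page
    return findings


# Constructed sample manifests, not taken from the extensions named above.
SAMPLE_BROAD = json.dumps({
    "manifest_version": 3, "name": "ad-helper-sample",
    "permissions": ["cookies", "webRequest", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*.facebook.com/*"], "js": ["c.js"]}]})
SAMPLE_NARROW = json.dumps({
    "manifest_version": 3, "name": "notes-sample",
    "permissions": ["cookies", "storage"],
    "host_permissions": ["https://example.org/*"]})

if __name__ == "__main__":
    for text in (SAMPLE_BROAD, SAMPLE_NARROW):
        print(json.loads(text)["name"], audit(text) or "no findings")
```

A finding is a prompt for review, not proof of malice: legitimate ad tools may request the same access, so weigh it against the publisher and the stated purpose of the extension.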


The stolen accounts are sold or used to fuel further malicious campaigns, creating a self-sustaining cycle. The campaigns show signs of Vietnamese-speaking threat actors industrializing malvertising to target Meta advertisers.

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security.