In a security bulletin, Microsoft reports that the malware can access a user’s Facebook account. Once it does that, it can then perform most of Facebook’s actions, including liking groups and pages, sharing posts and even chatting with user’s friends. It even makes posts written in Portuguese under a user’s name.
It is, as yet, unknown how far the malware — called Trojan:JS/Febipos.A — has spread. Because it’s disguised as a browser add-on, it can automatically communicate with its makers to get updated and repurposed on the fly. While it’s only operating in Brazil right now, security experts say it would be very easy to modify it to work in other countries and languages.