Created attachment 584906 [details]
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7
Steps to reproduce:
A malicious add-on, named "Youtube Speed UP!" is being served to Facebook users via a fake YouTube page. The add-on sends spam to a user's Facebook friends by stealing their browser cookies.
This is similar to the "Free Cheesecake Factory" add-on we reported last week.
Installed add-on, spam sent from the victim's Facebook account.
Blocked in prod. Thanks.
FYI, as of yesterday this add-on had 558 users. It first appeared in the wild 3 days ago.