One of the most common of cybercriminals to spread malware is to attract users on on social media platform to visit sites that look legitimate and popup a chrome extension installation windows. Click fraud, cryptocurrency miners, malicious browser extension stealing social media credentials is the malware called Nigelthorn , that is fast spreading via socially engineered links on Facebook. Since it started this year in March, it managed to infect 100K users globally. Fist discovered by researches at Radware, when a “protected” network of one of its customers got affected, Nigelthorn was spread via various (at least 7) Chrome browser extensions , hosted on official Chrome Web store. 7 Malicious Chrome Extensions spreading via Facebook Caught Stealing Passwords
To ensure you install legitimate browser extensions and avoid malicious apps, visit the official Chrome Web Store and check extension reviews.