Facebook warning as 800,000 fall victim to "You've been tagged" virus

Facebook users around the world have fallen victim to a rapidly spreading “virus” which spreads through messages telling users they have been tagged.

The malicious software has already infected 800,000 users, and is spreading at a rate of 40,000 attacks per hour, according to Italian security researcher Carlo de Micheli.

Victims have Facebook log-ins and passwords “harvested” from their web browser, and sent directly to cybercriminals.

Such information can be used to craft identity thefts - and to break directly into people’s bank accounts.

Micheli, speaking to the New York Times’ Bits blog, says that the attack spreads via emails, links and Facebook messages telling users they have been tagged.

[Water found on moon hints at mystery "source" beneath surface]

Clicking the link prompts users to download a video plug-in for their browser - it affects users of either Google Chrome or Firefox.

The plug-in is not what it seems - instead, it harvests all information stored in the browser, such as email passwords, Facebook log-ins and Twitter details.

The information is sent to an unknown group of cybercriminals, thought to be Turkish.

“A few years ago, you’d tell your friends, don’t click on attachments,” Mr. De Micheli said in a phone interview. “Now, the same advice applies to browser add-ons.”

“We have been blocking people from clicking through the links and have reported the bad browser extensions to the appropriate parties,” a Facebook spokesman said in a statement. 

“We believe only a small percentage of our users were affected by this issue, and we are currently working with them to ensure that they’ve removed the bad browser extension.”