The primary goal of the initial attack is to get the user to download the Nemucod malware, which encrypts the victim's computer and then extorts them for money.
Currently, this is all the infected browsers (Chrome) do, but since the malware is dynamic, it can be changed in the future to perform other activities.
The malware can allegedly download code from the creators' server and also listen to Chrome network traffic and modify it. This allows capturing the user's Facebook session and other sessions used in the browser.
Users infected with the Chrome extension should remove it. Initially only Windows users are being attacked, but infected macOS and Linux computers can be attacked and abused in the future:
Currently, I'm not exactly sure what this extension is supposed to do besides spreading itself automatically via Facebook, but likely it downloads other malware to your machine.
- Nemucod downloader spreading via Facebook
With access to web workers and other modern techniques, browsers are a tempting target nowadays, not to mention all the access to users' private sessions and more should a deeper vulnerability exist in one of the major browsers.