Malware is triggered by opening Facebook or Twitter via shortened links provided in any social networking websites. Once clicked, the links may lead victims to a site that automatically downloads the malicious browser extension. The malicious program also has ability to bypass Google’s recent security protection added to Chrome against installation of browser extensions that are not in Chrome Web Store. Once installed, the extension quietly opens a specific site in the background that is written in Turkish, which researchers believe is part of a click fraud or redirection scheme.
Source: https://thehackernews.com/2014/09/malware-can-bypasses-chrome-extension.html