During the independent research, the Democrats on the House Intelligence Committee have found and released 3.500 Facebook and Instagram ads which were purchased in May 2016 by the Internet Research Agency. This agency is also known as the Russian troll farm.
Among these ads, the Democrats have found some which were promoting a very suspicious Chrome extension called FaceMusic. This extension could then gain wide access to the users' Facebook accounts and their browsing behavior.
These ads pointed toward this music app which supposedly gives users the ability to listen to their favorite music on Facebook and share the songs with their friends. The landing page for the app is musicfb.info. This page was registered in April 2016 in St. Petersburg, Russia. IRA is also based there.
These particular ads were first spotted by Jonathan Albright, director of research at Columbia University's Tow Center for Digital Journalism. He had noticed that different Russian Facebook pages like the anti-immigrant page "Stop All Invaders" were promoting this music app, which is really unusual.
Even though this landing page is no more active, there is an archived version of the site. Jérôme Segura, a researcher at the security firm Malwarebytes Labs, found the archived version of the app and installed it manually. According to him, the extension asked from users to give it access to read and change all of their data on the websites they are visiting, to display notifications and also manipulate the data user is copy-pasting.
This is probably the reason why all users of this extension reported that it was automatically sending messages to all their friends on Facebook. And even though Facebook cannot determine how many people have logged in to its platform through this extension, the ad had received only 80 clicks so there weren't many users involved.
As Democrats noticed in their research, these ads had targeted American girls from 14 to 17 years old which are interested in free software and music, but also have interests in services like Shazam, Spotify, Soundcloud and Apple Music.
As Wired reports, Chrome Web Store spokesperson said that their team has deleted the suspicious extension on the Store but also on their users' browsers which is a standard protocol in this kind of scenarios.