FacexWorm attempted to steal credentials of users’ Google accounts and crypto trading platforms. It tried to exploit users through a combination of methods, including a Chrome extension and Facebook Messenger. Google has since removed the Chrome extension.
Facebook Messenger was hit by yet another, more sophisticated crypto mining malware that spread through a Chrome extension, which has since been removed by Google. The malware managed to infect a small number of users. It not only injected illegal mining software on the user’s computer to try to mine cryptocurrencies, but also tried to steal credentials for cryptocurrency sites and Google accounts by directing users to the hacker’s spam sites through links.
Trend Micro reported that their cyber safety solutions team identified the malware as FacexWorm. The malware was using an ingenious combination of social engineering, multi-platform coordination, and rapid propagation techniques.
It targets users of cryptocurrency trading platforms who access those platforms in affected browsers such as Chrome, and then the bug propagates through the Messenger app. In other words, it takes advantage of the Messenger feature to spread to the other people the victim is connected to. The new virus is more sophisticated than last year’s malware, called Dubmine, in that it creates a fake YouTube page that mimics the original and purports that you need the extension for that YouTube page.
The attack directs the victim to the hackers’ cryptocurrency platform through referral links or scams, instead of the legitimate page the target user is trying to visit. It will also try to steal credentials for cryptocurrency sites and Google accounts.
Last year, Facebook Messenger was hit by yet another bug, Dubmine, which also propagated through a malicious Chrome extension. The virus could send itself to everyone the victim knows through Messenger. Neither Facebook Messenger nor YouTube is new to exploits.
The craze for mining malware is also increasing as the value of cryptocurrencies continues to rise. This year alone, thousands of websites, both for individuals and businesses, have reportedly been affected by illegal remote installation of mining software.