Early in April, Google cracked down on cryptocurrency mining extensions, to the consternation of many. As it turns out, the tech giant was right to a certain degree.
Trend Micro’s Cyber Safety Solutions team has identified malware in the form of a Chrome extension. They’ve named it FacexWorm because it is being propagated through Facebook Messenger.
FacexWorm uses a wide array of techniques to attack cryptocurrency trading platforms which are accessed on affected computers. It then spreads via Facebook Messenger.
The malware isn’t actually new. It was first discovered on August 25, 2017 by Kaspersky Labs researcher David Jacoby.
“When the victim clicks on the fake playable movie, the malware redirects them to a set of websites which enumerate their browser, operating system and other vital information. Depending on their operating system they are directed to other websites,” Jacoby reported.
He also pointed out that the malware was browser-independent and affected computers running Windows and macOS.
However, Trend Micro reports that this iteration of FacexWorm is more dangerous as it can steal accounts and credentials of an affected Facebook account:
It also redirects would-be victims to cryptocurrency scams, injects malicious mining codes on the webpage, redirects to the attacker’s referral link for cryptocurrency-related referral programs, and hijacks transactions in trading platforms and web wallets by replacing the recipient address with the attacker’s.
So far, Trend Micro has only found one compromised Bitcoin transaction.
Needless to say – but we’ll point it out anyway – do not click on links sent via Facebook messages unless you’re absolutely sure they’re clean.