FacexWorm Chrome extension uses Facebook Messenger to steal cryptocurrency


The malicious Chrome extension FacexWorm is targeting cryptocurrency trading platforms via Facebook Messenger in order to steal account credentials for Google, MyMonero, and Coinhive.

The malware was first spotted in August 2017. However, Trend Micro researchers noticed an uptick in activity that coincided with external reports of FacexWorm surfacing in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain, according to a 30 April 2018 blog post.

The malware sends socially engineered links to the friends of an affected user's Facebook account in order to redirect would-be victims to cryptocurrency scams, inject malicious mining code into the webpage, and redirect to the attacker's referral link for cryptocurrency-related referral programs.

FacexWorm also hijacks transactions in trading platforms and web wallets by replacing the recipient address with the attacker's, researchers said in the post. The malicious links lead to fake YouTube pages that ask unsuspecting users to play the video on the page, which then requests the privilege to access and change data on the opened website, thus initiating the attack.

Researchers noted that the Chrome Web Store had removed many of the malicious extensions before being contacted by the researchers; however, the attacker has been persistent in uploading the extension back to the store. Facebook Messenger can also detect the malicious links and block the propagation behavior of the affected account, researchers said.
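A defender-side check for the permission request described above, as an added example that is not from the Trend Micro post or the original article: it flags extension manifests that ask to read and change data on every website. The extension names and manifests are constructed samples; the manifest keys are Chrome's standard ones.

```python
import json

# Match patterns that grant access to every site the user opens.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_host_access(manifest):
    """List the places where a parsed manifest requests all-site access."""
    findings = []
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "optional_permissions", "host_permissions"):
        for perm in manifest.get(key, []):
            if isinstance(perm, str) and perm in BROAD:
                findings.append(f"{key}: {perm}")
    # Content scripts run inside matching pages and can rewrite form fields.
    for i, script in enumerate(manifest.get("content_scripts", [])):
        for pattern in script.get("matches", []):
            if pattern in BROAD:
                findings.append(f"content_scripts[{i}].matches: {pattern}")
    return findings

def audit(manifests):
    """Map extension name -> findings for every extension worth reviewing."""
    report = {}
    for name, raw in manifests.items():
        try:
            manifest = json.loads(raw)
        except json.JSONDecodeError:
            manifest = None
        if not isinstance(manifest, dict):
            report[name] = ["unparseable manifest"]
            continue
        hits = broad_host_access(manifest)
        if hits:
            report[name] = hits
    return report

# Constructed sample manifests (names and contents are illustrative only).
SAMPLES = {
    "video-codec-helper": '{"manifest_version": 2, "permissions": ["tabs", "<all_urls>"],'
                          ' "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]}',
    "notes": '{"manifest_version": 3, "permissions": ["storage"],'
             ' "host_permissions": ["https://notes.example/*"]}',
    "broken": "{not json",
}

if __name__ == "__main__":
    for ext, hits in audit(SAMPLES).items():
        print(ext, "->", "; ".join(hits))
```

A flagged extension is a candidate for review, not a verdict: many legitimate extensions also request all-site access.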

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition