FacexWorm, a malicious Google Chrome extension, has been targeting cryptocurrency trading platforms via Facebook Messenger, according to a Trend Micro report.
This was not the first time FacexWorm has targeted unsuspecting users. The malware was first uncovered last year in August by Kaspersky labs researcher David Jacoby. At the time, it was unclear how it operated and the purpose for its creation. Eight months later,Trend Micro noticed on April 8 activities that resembled the malware. At the time of discovery, there were already reports of FacexWorm attack in countries like Tunisia, Germany, Spain, Japan, Taiwan, and South Korea.
The new version of FacexWorm works similarly like the old version with few new adjustments. In addition to sending socially engineered links to friends from an affected Facebook Messenger account, it can steal users account and credential details. FacexWorm also causes cryptocurrency fraud, puts malicious cryptocurrency mining codes on a website and redirects users to attackers’ referral link for cryptocurrency related programs. It can also hijack cryptocurrency transactions and steal money from platforms, such as Poloniex, HitBTC, Bitfinex, Ethfinex, and Binance, and wallets like Blockchain.info.
According to the report, users who opened the link were redirected to a fake YouTube page, where they will be asked to install a codec extension—FacexWorm—to play the video. Finally, users will get a request for “privilege to access,” and change data on the opened website. Once granted access,FacexWorm will download malicious codes to help in executing its operations.
The malware has only been able to affect a small group of people, according to the Trend Micro team, which has so far been able to identify one BTC transaction that was affected by FacexWorm. They were, however, not able to determine how many BTC coins have been earned from the malicious malware
Chrome has taken measures to remove and prevent attackers from uploading FacexWorm in their system.Facebook Messenger has also put measures to detect and prevent FacexWorm uploads by attackers. Trend Micro urges users to be careful while sharing information with friends.
Last year, Amazon had a malware attack that was uploaded to their Amazon Web Services servers. The malware executed BTC mining command that allowed mining using the company’s large process power to facilitate the process.