There’s a malicious Google Chrome extension on the loose. Cybersecurity company Trend Micro reported that the extension, which was known for its effectiveness, has been revamped to target cryptocurrency exchanges.
It basically promotes a scam that dupes users into sending ether to the attacker’s wallet.
It also drains the processing power from systems in order to power clandestine crypto mining.
Trend Micro also reported that the malware can hijack crypto transactions on major exchanges including Bitfinex, Poloniex, HitBTC, Ethfinex, Binance, and Blockchain’s crypto wallet.
The malware was first exposed in August 2017, when it was using Facebook Messenger to send malicious links. After users clicked on them, the attackers gained access to the users’ Facebook accounts and infected their systems. It seems that FacexWorm resurfaced last month.
Propagation of FacexWorm and malicious behaviors
“FacexWorm is delivered through socially engineered links sent to Facebook Messenger. The links redirect to a fake YouTube page that will ask unwitting users to agree and install a codec extension (FacexWorm) in order to play the video on the page. It will then request privilege to access and change data on the opened website,” Trend Micro described.
The malicious behaviors of FacexWorm include the following:
- Steal the user’s account credentials for Google, MyMonero, and Coinhive
- Push a cryptocurrency scam
- Conduct malicious web cryptocurrency mining
- Hijack cryptocurrency-related transactions
- Earn from cryptocurrency-related referral programs
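The request to "access and change data on the opened website" is something a defender can look for in an installed extension's manifest. The script below is an added example, not code from Trend Micro or the original article. It assumes that such a request shows up as broad host match patterns in `manifest.json`, and that extensions are stored under Chrome's `Extensions/<id>/<version>/` profile layout. The sample manifests are constructed.

```python
import json
from pathlib import Path

# Match patterns that give an extension access to every site the user opens.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_host_access(manifest):
    """Return sorted (source, pattern) pairs that grant all-sites access."""
    found = set()
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    for key in ("permissions", "host_permissions", "optional_permissions"):
        for item in manifest.get(key, []):
            if isinstance(item, str) and item in BROAD:
                found.add((key, item))
    # Content scripts are injected into every page their "matches" cover.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if isinstance(pattern, str) and pattern in BROAD:
                found.add(("content_scripts", pattern))
    return sorted(found)

def audit_extensions(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json files."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash
        if not isinstance(manifest, dict):
            continue
        hits = broad_host_access(manifest)
        if hits:
            ext_id = path.parent.parent.name
            report[ext_id] = {"name": manifest.get("name", "?"), "hits": hits}
    return report

# Constructed sample manifests (not taken from FacexWorm or any real extension).
SAMPLE_CODEC = {"name": "Video Codec", "manifest_version": 2,
                "permissions": ["tabs", "<all_urls>"],
                "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]}
SAMPLE_SCOPED = {"name": "Notes", "manifest_version": 3,
                 "permissions": ["storage"],
                 "host_permissions": ["https://notes.example/*"]}

if __name__ == "__main__":
    for m in (SAMPLE_CODEC, SAMPLE_SCOPED):
        print(m["name"], broad_host_access(m))
```

Many legitimate extensions also declare all-sites access, so a hit is a prompt to check where the extension came from, not a verdict.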
Trend Micro recommends that users “think before sharing, be more prudent against unsolicited or suspicious messages and enable tighter privacy settings for your social media accounts.”
You can read Trend Micro’s full detailed report to learn more about the malware.