Facebook Messenger malware ‘FacexWorm’ targets cryptocurrency exchanges, login credentials

A malicious Google Chrome extension has reared its ugly head again and has its sights set on cryptocurrency exchanges.

Trend Micro's Security Intelligence blog reported that the malicious extension, named FacexWorm, is capable of a number of actions. The blog post lists the malware's capabilities, which are to:

  • “Steal the user’s account credentials for Google, MyMonero, and Coinhive
  • Push a cryptocurrency scam 
  • Conduct malicious web cryptocurrency mining
  • Hijack cryptocurrency-related transactions
  • Earn from cryptocurrency-related referral programs”

Essentially, the extension can steal login credentials from users and then promote a scheme that attempts to scam users into sending Ether to an attacker. It can also steal processing power from users' computers to run covert cryptocurrency mining.

The malware is also capable of hijacking transactions made through a number of big-name cryptocurrency exchanges such as Poloniex, Bitfinex, Ethfinex, HitBTC, and Binance.

Trend Micro reports that the extension does this by using “a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger”.

FacexWorm infections were reported last year. The malware first used Facebook's Messenger to send links that led users to malicious sites, which gave the attacker access to their Facebook accounts while also infiltrating their operating systems.

According to the Trend Micro team, a spike in its activities was noticed, and it coincided with other reports of “FacexWorm surfacing in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain.”

At the time of press, the team has found only one Bitcoin transaction which has been affected by FacexWorm but they are unaware of how much has been gained through the malicious mining.

The advice given to users to avoid falling prey to malicious activity is to “think before sharing, be more prudent against unsolicited or suspicious messages and enable tighter privacy settings for your social media accounts.”
