Facebook Messenger malware ‘FacexWorm’ targets cryptocurrency exchanges, login credentials

A malicious Google Chrome extension has reared its ugly head again and has its sights set on cryptocurrency exchanges.

Trend Micro's Security Intelligence blog reported that the malicious extension, named FacexWorm, is capable of a number of actions. The blog post lays out the malware’s capabilities, which are to:

  • “Steal the user’s account credentials for Google, MyMonero, and Coinhive
  • Push a cryptocurrency scam 
  • Conduct malicious web cryptocurrency mining
  • Hijack cryptocurrency-related transactions
  • Earn from cryptocurrency-related referral programs”

Essentially, the extension can steal login credentials from users and then promote a scheme that attempts to trick them into sending Ether to an attacker. It can also steal processing power from users' computers to run covert cryptocurrency mining.

The malware is also capable of hijacking transactions made through a number of big-name cryptocurrency exchanges such as Poloniex, Bitfinex, Ethfinex, HitBTC, and Binance.

Trend Micro reports that the extension does this by using “a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger”.

Infections of FacexWorm were reported last year. The virus first used Facebook Messenger to send links that led users to malicious sites, which gave the attacker access to their Facebook accounts while also infiltrating their operating systems.

According to the Trend Micro team, a spike in its activities was noticed, and it just so happened to coincide with other reports of “FacexWorm surfacing in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain.”

At the time of press, the team has found only one Bitcoin transaction which has been affected by FacexWorm but they are unaware of how much has been gained through the malicious mining.

The advice given to users to avoid falling prey to malicious activity is to “think before sharing, be more prudent against unsolicited or suspicious messages and enable tighter privacy settings for your social media accounts.”
