Facebook Messenger malware ‘FacexWorm’ targets cryptocurrency exchanges, login credentials

A malicious Google Chrome extension has reared its ugly head again and has its sights set on cryptocurrency exchanges.

Trend Micro's Security Intelligence blog reported that the malicious extension, named FacexWorm, is capable of a number of actions. The blog post lists the malware's capabilities, which allow it to:

  • “Steal the user’s account credentials for Google, MyMonero, and Coinhive
  • Push a cryptocurrency scam 
  • Conduct malicious web cryptocurrency mining
  • Hijack cryptocurrency-related transactions
  • Earn from cryptocurrency-related referral programs”

Essentially, the extension can steal users' login credentials and then promote a scheme that attempts to scam them into sending Ether to an attacker. It can also steal processing power from users' computers to run covert cryptocurrency mining.

The malware is also capable of hijacking transactions made through a number of big-name cryptocurrency exchanges, such as Poloniex, Bitfinex, Ethfinex, HitBTC, and Binance.

Trend Micro reports that the extension does this by using “a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger”.

Infections of FacexWorm were reported last year. The virus first used Facebook Messenger to send links that led users to malicious sites, which gave the attacker access to their Facebook accounts while also infiltrating their operating systems.

According to the Trend Micro team, a spike in its activities was noticed, and it coincided with other reports of “FacexWorm surfacing in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain.”

At the time of press, the team had found only one Bitcoin transaction affected by FacexWorm, but they are unaware of how much has been gained through the malicious mining.

The advice given to users to avoid falling prey to malicious activity is to “think before sharing, be more prudent against unsolicited or suspicious messages and enable tighter privacy settings for your social media accounts.”
