Facebook Messenger malware ‘FacexWorm’ targets cryptocurrency exchanges, login credentials

A malicious Google Chrome extension has reared its ugly head again and has its sights set on cryptocurrency exchanges.

Trend Micro's Security Intelligence blog reported that the malicious extension, named FacexWorm, is capable of a number of actions. The blog post lays out the malware’s possible behaviors, with capabilities to:

  • “Steal the user’s account credentials for Google, MyMonero, and Coinhive
  • Push a cryptocurrency scam 
  • Conduct malicious web cryptocurrency mining
  • Hijack cryptocurrency-related transactions
  • Earn from cryptocurrency-related referral programs”

Essentially, the extension can steal users' login credentials and then promote a scheme that attempts to scam users into sending Ether to an attacker. It can also steal users' processing power in order to run covert cryptocurrency mining.

The malware is also capable of hijacking transactions made through a number of big-name cryptocurrency exchanges such as Poloniex, Bitfinex, Ethfinex, HitBTC, and Binance.

Trend Micro reports that the extension does this by using “a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger”.

Infections of FacexWorm were reported last year. The virus first made use of Facebook Messenger to send links that led users to malicious sites, which gave the attacker access to their Facebook accounts while also infiltrating their operating systems.

According to the Trend Micro team, a spike in its activities was noticed, and it just so happened to coincide with other reports of “FacexWorm surfacing in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain.”

At the time of press, the team has found only one Bitcoin transaction that has been affected by FacexWorm, but they are unaware of how much has been gained through the malicious mining.

The advice given to users to avoid falling prey to malicious activity is to “think before sharing, be more prudent against unsolicited or suspicious messages and enable tighter privacy settings for your social media accounts.”
