Trend Micro's Security Intelligence blog reported that the malicious extension, named FacexWorm, is capable of a number of actions. The blog post lays out the malware’s possible behaviors, with capabilities to:
- “Steal the user’s account credentials for Google, MyMonero, and Coinhive
- Push a cryptocurrency scam
- Conduct malicious web cryptocurrency mining
- Hijack cryptocurrency-related transactions
- Earn from cryptocurrency-related referral programs”
Essentially, the extension can steal users' login credentials and then promote a scheme that attempts to scam users into sending Ether to an attacker. It can also steal computing power from users in order to run covert cryptocurrency mining.
The malware is also capable of hacking into transactions made through a number of big-name cryptocurrency exchanges such as Poloniex, Bitfinex, Ethfinex, HitBTC, and Binance.
Trend Micro reports that the extension does this by using “a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger”.
FacexWorm infections were reported last year. The virus first used Facebook’s Messenger to send links that led users to malicious sites, which gave the attacker access to their Facebook accounts while also infiltrating their operating systems.
According to the Trend Micro team, a spike in its activities was noticed, and it just so happened to coincide with other reports of “FacexWorm surfacing in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain.”
At the time of press, the team had found only one Bitcoin transaction affected by FacexWorm, but they are unaware of how much has been gained through the malicious mining.
The advice given to users to avoid falling prey to malicious activity is to “think before sharing, be more prudent against unsolicited or suspicious messages and enable tighter privacy settings for your social media accounts.”