Home
Internet
Internet News
Facebook Messenger Sees FacexWorm Malware Resurface, Targets Cryptocurrency Transactions: Trend Micro

Facebook Messenger Sees FacexWorm Malware Resurface, Targets Cryptocurrency Transactions: Trend Micro

By Ankit Chawla | Updated: 2 May 2018 18:43 IST

Highlights

The malware was first spotted in August last year
It uses fake YouTube links to lure in unsuspecting users
It specifically targets cryptocurrency trading platforms

Facebook Messenger was plagued, back in August last year, with a form of malware that sent out fake messages in an attempt to steal passwords and other sensitive information from users on the platform. It seems the malware is back for strike two as it has been spotted stealing data and cryptocurrency from users on the messaging app. It reportedly directs users to fake links where it urges users to install fake Chrome extensions.

Dubbed FacexWorm by the researchers over at security firm Trend Micro, this malware reportedly has had its capabilities transformed and now has a second stint at spreading itself across Facebook and Google Chrome. FacexWorm has added new abilities that include pushing indigenous cryptocurrency scams, mining infected systems for cryptocurrency, and stealing account credentials from websites. A socially engineered fake YouTube page is sent to unsuspecting Facebook Messenger users prompting them to install a codec extension from where it gets installed on their systems. A Facebook share link enables the malware to reach other people in your friend list as well, and possibly infect their systems as well.

Interestingly enough, the blog post states, FacexWorm malware specifically targets cryptocurrency trading portals by searching for keywords such as 'blockchain' and 'ethereum' present in the URL. Once detected, it will apparently prompt the user to verify wallet address payment by sending a token amount of Ether. While there seems to be no possibility of getting the money back, researchers say only one Bitcoin transaction has been compromised in the ordeal yet.

The Trend Micro blog suggests this to be FacexWorm's malicious behaviour - steal the user's account credentials for Google, MyMonero, and Coinhive; push a cryptocurrency scam, conduct malicious web cryptocurrency mining, hijack cryptocurrenty-related transactions, and earn from cryptocurrency-related referral programmes.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.