Crypto Malware Spreads Via Facebook Messenger

News | May 3, 2018

Cybersecurity company Trend Micro has identified a malicious Chrome extension that hijacks cryptocurrency transactions.

Dubbed FacexWorm, the malicious extension, which was first discovered by Kaspersky Labs in August 2017, uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger. Last month, Trend Micro noticed a spike in its activity, with attempts made in a number of countries, including Germany, Japan and South Korea.

According to the cybersecurity firm, the malicious extension’s capabilities “were made over” to steal accounts and credentials of FacexWorm’s websites of interest. It also redirects would-be victims to cryptocurrency scams, injects malicious mining code into the webpage, redirects to the attacker’s referral link for crypto-related referral programs, and hijacks transactions in trading platforms and web wallets by replacing the recipient address with the attacker’s.

“Once the victim opens the transaction page on a cryptocurrency-related website, FacexWorm locates the address keyed in by the victim and replaces it with another specified by the attacker,” the report said. “FacexWorm performs this on the trading platforms Poloniex, HitBTC, Bitfinex, Ethfinex, and Binance, and the wallet Blockchain.info.”

Trend Micro said a very small percentage of users were affected by FacexWorm, and Chrome had already removed many of these extensions prior to being alerted by the firm.

“While we’ve so far only found one bitcoin transaction compromised by FacexWorm when we checked the attacker’s address/wallet, we don’t know how much has been earned from the malicious web mining,” Trend Micro said.

Trend Micro advised users to practice good security habits to avoid falling for similar threats: “Think before sharing, be more prudent against unsolicited or suspicious messages, and enable tighter privacy settings for your social media accounts.”

In response, Facebook said they maintain a number of automated systems to help stop harmful links and files from appearing on the platform.

“If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners,” Facebook said. “We share tips on how to stay secure and links to these scanners on facebook.com/help.”