Last year, Facebook Messenger was plagued with FacexWorm malware, which sent out fake messages in an attempt to steal user passwords and other sensitive information. FacexWorm has now resurfaced on the Facebook Messenger app, stealing user data and cryptocurrency from unwary users.
FacexWorm directs users to fake links that urge them to install fake Chrome extensions. The malware is capable of stealing passwords and cryptocurrencies. It can even perform cryptojacking, injecting malicious mining code into preferred websites, and hijack transactions and web wallets.
In the latest round of re-emergence, FacexWorm has gained new capabilities that include launching cryptocurrency scams, mining infected computers for cryptocurrencies, and stealing user account credentials from websites.
FacexWorm has been found sending unwary Facebook Messenger users a socially engineered fake YouTube page that urges them to install a codec extension, through which the malware gets installed on their systems. It also spreads to other people on the victim’s friend list with the help of the Facebook share link.
FacexWorm has been found to specifically target users who search with keywords such as ‘blockchain’ and ‘ethereum’. Once the malware detects a cryptocurrency search by the user, it prompts the user to verify the wallet address payment by sending a token amount of Ether. While there seems to be no way of getting the money back, only one Bitcoin transaction has been compromised by this malware as of now.
What does FacexWorm Malware Do?
- Once installed, FacexWorm requests an OAuth (an open standard for access delegation) access token for the victim’s Facebook account. It then automatically acquires the victim’s friend list and sends the malicious links to them.
- If FacexWorm recognizes that the victim has opened the target website’s login page, it steals the user’s account credentials for Google and MyMonero accounts.
- It also injects cryptocurrency miner code into websites opened by the victim, which draws CPU power from the victim’s computer.
- It can even hijack the user’s cryptocurrency-related transactions by obtaining the address keyed in by the victim and replacing it with the address provided by the hacker.
- If the victim tries to remove FacexWorm via Chrome’s extension management page, it quickly closes the opened tab.
- The hacker also gets a referral incentive every time a victim registers an account on DigitalOcean, FreeBitco.in, FreeDoge.co.in, or HashFlare.
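For defenders, the behaviours listed above suggest what to look for in installed extensions. The following is an added example, not code from FacexWorm or from the original article: it audits Chrome extension `manifest.json` files for all-sites access combined with the `tabs` permission. Mapping the behaviours to these permissions is an assumption based on Chrome's extension model, and the sample manifests are constructed.

```python
import json
from pathlib import Path

# Match patterns that give an extension access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return the risk findings for one parsed manifest.json (a dict)."""
    def strings(key):
        return {p for p in manifest.get(key, []) if isinstance(p, str)}
    perms = strings("permissions") | strings("host_permissions")
    hosts = set(perms)
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    findings = []
    if hosts & BROAD_HOSTS:
        findings.append("all-sites")            # can inject script into any page
    if "tabs" in perms:
        findings.append("tabs")                 # can read the URL of every open tab
    if {"webRequest", "webRequestBlocking"} <= perms:
        findings.append("webrequest-blocking")  # can rewrite or redirect traffic
    return findings

def needs_review(manifest):
    """Flag the combination that site-wide injection plus tab watching needs."""
    found = audit_manifest(manifest)
    return "all-sites" in found and "tabs" in found

def scan_extensions(ext_dir):
    """Audit <ext_dir>/<extension id>/<version>/manifest.json in a Chrome profile."""
    flagged = {}
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        if needs_review(manifest):
            flagged[path.parts[-3]] = audit_manifest(manifest)
    return flagged

# Constructed sample manifests (not taken from any real extension).
SAMPLE_CODEC = {"name": "Video codec helper", "manifest_version": 2,
                "permissions": ["tabs", "<all_urls>"],
                "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]}
SAMPLE_NOTES = {"name": "Notes", "manifest_version": 3,
                "permissions": ["storage"],
                "host_permissions": ["https://notes.example/*"]}

if __name__ == "__main__":
    for m in (SAMPLE_CODEC, SAMPLE_NOTES):
        print(m["name"], audit_manifest(m), needs_review(m))
```

Many legitimate extensions request the same permissions, so a flagged entry is a prompt to check where the extension came from, not a verdict.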
The growing popularity of cryptocurrency mining is attracting more and more hackers to target users. Though Google and Facebook have several security measures in place, hackers are trying hard to spread malware like the FacexWorm extension. Hence, users are advised not to open suspicious links, as they may carry malware. You can install good antivirus software to protect your PC from all types of threats and attacks. Comodo Antivirus is a powerful virus protection tool that offers all-around protection for your computer.