{"id":4494,"date":"2018-05-09T20:32:58","date_gmt":"2018-05-09T15:02:58","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=4494"},"modified":"2025-06-20T18:39:21","modified_gmt":"2025-06-20T13:09:21","slug":"facexworm-malware-targeting-crypto-users","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/","title":{"rendered":"A New Cryptocurrency Mining Malware is Spreading Through Facebook Messenger"},"content":{"rendered":"<p><img decoding=\"async\" class=\"img-responsive\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/Microsoft-to-Battle-Malware.jpg\" alt=\"FaceXWorm Malware\" \/><\/p>\n<p>Last year, Facebook Messenger was plagued with FacexWorm malware. It sent out fake messages in an attempt to steal user passwords and other sensitive information. FacexWorm malware has resurfaced on the Facebook Messenger app, stealing user data and cryptocurrency from unwary users.<\/p>\n<p>FacexWorm directs users to fake links urging users to install fake Chrome extensions. This malware is capable of stealing passwords, and cryptocurrencies. It can even perform crypto jacking, injecting malicious mining codes into preferred websites as well as hijack transactions and web wallets. (<a href=\"https:\/\/grcf.jhmi.edu\/get-valium-online-possible\/\">https:\/\/grcf.jhmi.edu<\/a>) <\/p>\n<p>In the latest round of re-emergence, FacexWorm has gained new capabilities that include launching cryptocurrency scams, mining infected computers for cryptocurrencies, and stealing user account credentials from websites.<\/p>\n<p>It has been found that the FacexWorm malware is sending a socially engineered fake YouTube page to unwary Facebook Messenger users, urging them to install a codec extension from where it gets installed on their systems. It also spreads to other people on your friend list with the help of the Facebook share link.<\/p>\n<p>FacexWorm malware has been found to specifically target users who are searching with the keywords such as &#8216;blockchain&#8217; and &#8216;ethereum&#8217;. Once the malware detects the cryptocurrency search by the user, FacexWorm prompts the user to verify the wallet address payment by sending a token amount of Ether. While there seems to be no way of getting the money back, only one Bitcoin transaction has been compromised by this malware as of now.<\/p>\n<p>&nbsp;<\/p>\n<h2>What does FacexWorm Malware Do?<\/h2>\n<p>&nbsp;<\/p>\n<ul>\n<li>Once entered, FacexWorm requests OAuth access (an open standard for access delegation) token for the Facebook account of the victim. It then automatically acquires the victim&#8217;s friend list and sends the malicious links to them.<\/li>\n<li>If the FacexWorm recognizes that the victim has opened the target website\u2019s login page, it then steals the user&#8217;s account credentials for Google, and MyMonero accounts.<\/li>\n<li>It also injects cryptocurrency miner codes to websites opened by the victim, which draws CPU power from the victim&#8217;s computer.<\/li>\n<li>It can even hijack the user&#8217;s cryptocurrency-related transactions by obtaining the address keyed in by the victim and replacing it with the address provided by the hacker.<\/li>\n<li>If the victim tries to remove the FacexWorm via chrome extension management, it quickly closes the opened tab.<\/li>\n<li>Hacker also gets a referral incentive every time a victim registers an account on DigitalOcean, FreeBitco.in, FreeDoge.co.in, or HashFlare.<\/li>\n<\/ul>\n<p>The growing popularity of cryptocurrency mining is attracting more and more hackers to target users. Though Google and Facebook have several security measures in place, hackers are trying hard to spread <a title=\"What Does Malware Do?\" href=\"https:\/\/enterprise.comodo.com\/what-does-malware-do.php\" target=\"_blank\" rel=\"noopener\">malware<\/a> like FacexWorm extensions. Hence, users are advised not to open suspicious links as it may carry a potential malware. You can install good antivirus software to protect your PC from all types of threats and attacks. Comodo Antivirus is a powerful <a href=\"https:\/\/antivirus.comodo.com\/free-antivirus.php\" target=\"_blank\" rel=\"noopener\">virus protection<\/a> tool that offers all-around protection for your computer.<br \/>\n<a href=\"https:\/\/antivirus.comodo.com\/download\/thank-you.php?prod=cloud-antivirus&#038;track=16678&#038;af=16678\" target=\"_blank\" rel=\"noopener\" onclick=\"ga('send', 'event', {eventCategory: 'Antivirus Blog', eventAction: 'Download', eventLabel: 'Bottom FREE DOWNLOAD banner Product AV'});ga('nT.send', 'event', {eventCategory: 'Antivirus Blog', eventAction: 'Download', eventLabel: 'Bottom FREE DOWNLOAD banner Product AV'});\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-8604\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2018\/04\/Comodo-Free-Antivirus.png\" alt=\"comodo antivirus\"\/><\/a><\/p>\n<p><a href=\"https:\/\/secure.nurd.com\/home\/purchase.php?pid=109&#038;af=16166\" target=\"_blank\" rel=\"noopener\" onclick=\"ga('send', 'event', {eventCategory: 'Antivirus Blog', eventAction: 'Click', eventLabel: 'GET COMPLETE PROTECTION banner Product CIS Pro'});ga('nT.send', 'event', {eventCategory: 'Antivirus Blog', eventAction: 'Click', eventLabel: 'GET COMPLETE PROTECTION banner Product CIS Pro'});\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8604\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2020\/08\/complete-antivirus.png\" alt=\"comodo antivirus\" width=\"650\" height=\"83\" \/><\/a><\/p>\n<p><strong>Related Resources<\/strong><\/p>\n<p><a href=\"https:\/\/antivirus.comodo.com\/antivirus-for-android.php\" target=\"blank\">Antivirus for Android<\/a><\/p>\n<p><a href=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/what-is-browser-hijacking\/\" target=\"blank\">browser hijacker<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last year, Facebook Messenger was plagued with FacexWorm malware. It sent out fake messages in an attempt to steal user passwords and other sensitive information. FacexWorm malware has resurfaced on the Facebook Messenger app, stealing user data and cryptocurrency from unwary users. FacexWorm directs users to fake links urging users to install fake Chrome extensions. [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":1490,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[166,26,167],"class_list":["post-4494","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-comodo-news","tag-facexworm","tag-malware","tag-messenger-malware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>FacexWorm | Facebook Messenger Malware Targeting Cryptousers<\/title>\n<meta name=\"description\" content=\"Facexworm, a type of malware is targeting the cryptocurrency users through facebook messenger by stealing their personal data, transactions and wallets.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FacexWorm | Facebook Messenger Malware Targeting Cryptousers\" \/>\n<meta property=\"og:description\" content=\"Facexworm, a type of malware is targeting the cryptocurrency users through facebook messenger by stealing their personal data, transactions and wallets.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/\" \/>\n<meta property=\"og:site_name\" content=\"Comodo Antivirus Blogs | Anti-Virus Software Updates\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-09T15:02:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-20T13:09:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_11.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"225\" \/>\n\t<meta property=\"og:image:height\" content=\"170\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"seo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"seo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/\",\"name\":\"FacexWorm | Facebook Messenger Malware Targeting Cryptousers\",\"isPartOf\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_11.jpg\",\"datePublished\":\"2018-05-09T15:02:58+00:00\",\"dateModified\":\"2025-06-20T13:09:21+00:00\",\"author\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\"},\"description\":\"Facexworm, a type of malware is targeting the cryptocurrency users through facebook messenger by stealing their personal data, transactions and wallets.\",\"breadcrumb\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#primaryimage\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_11.jpg\",\"contentUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_11.jpg\",\"width\":225,\"height\":170,\"caption\":\"Internet Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/antivirus.comodo.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A New Cryptocurrency Mining Malware is Spreading Through Facebook Messenger\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/\",\"name\":\"Comodo Antivirus Blogs | Anti-Virus Software Updates\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\",\"name\":\"seo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"caption\":\"seo\"},\"url\":\"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FacexWorm | Facebook Messenger Malware Targeting Cryptousers","description":"Facexworm, a type of malware is targeting the cryptocurrency users through facebook messenger by stealing their personal data, transactions and wallets.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/","og_locale":"en_US","og_type":"article","og_title":"FacexWorm | Facebook Messenger Malware Targeting Cryptousers","og_description":"Facexworm, a type of malware is targeting the cryptocurrency users through facebook messenger by stealing their personal data, transactions and wallets.","og_url":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/","og_site_name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","article_published_time":"2018-05-09T15:02:58+00:00","article_modified_time":"2025-06-20T13:09:21+00:00","og_image":[{"width":225,"height":170,"url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_11.jpg","type":"image\/jpeg"}],"author":"seo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"seo","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/","url":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/","name":"FacexWorm | Facebook Messenger Malware Targeting Cryptousers","isPartOf":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#primaryimage"},"image":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#primaryimage"},"thumbnailUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_11.jpg","datePublished":"2018-05-09T15:02:58+00:00","dateModified":"2025-06-20T13:09:21+00:00","author":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462"},"description":"Facexworm, a type of malware is targeting the cryptocurrency users through facebook messenger by stealing their personal data, transactions and wallets.","breadcrumb":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#primaryimage","url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_11.jpg","contentUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2016\/11\/RF-10296_thb_11.jpg","width":225,"height":170,"caption":"Internet Security"},{"@type":"BreadcrumbList","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/facexworm-malware-targeting-crypto-users\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/antivirus.comodo.com\/blog\/"},{"@type":"ListItem","position":2,"name":"A New Cryptocurrency Mining Malware is Spreading Through Facebook Messenger"}]},{"@type":"WebSite","@id":"https:\/\/antivirus.comodo.com\/blog\/#website","url":"https:\/\/antivirus.comodo.com\/blog\/","name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462","name":"seo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","caption":"seo"},"url":"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/4494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/comments?post=4494"}],"version-history":[{"count":14,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/4494\/revisions"}],"predecessor-version":[{"id":22021,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/4494\/revisions\/22021"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media\/1490"}],"wp:attachment":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media?parent=4494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/categories?post=4494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/tags?post=4494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}