Beware!! Your Facebook Messenger Is At Risk of a Malware Attack

Users of Facebook, Chrome and cryptocurrency are on high alert as a new and advanced version of a malware called FacexWorm is at work. FacexWorm, widely known for using fake Facebook Messenger messages as its source of attack and for pushing victims to download a malicious Chrome extension, has been revamped and now comes with features that steal your data, passwords and cryptocurrency funds and contribute to cryptojacking.

The attackers aim to corrupt profiles by spamming Facebook users and running cryptojacking scripts. Their modus operandi is the same as before, but the malware has been upgraded with additional features that focus particularly on cryptocurrency users. The source of the scam is also the same, i.e. Facebook Messenger, and this time they are attacking users with new tricks.

Looking back, the malware was first detected in August 2017, when the hackers used Messenger to send phishing messages to victims. These messages redirected the victims to fake versions of websites like YouTube, where they were forced to download a malicious Chrome extension. The malware has been under scrutiny since then, but in April 2018 there was a sudden surge in attacks targeting Facebook users around the world.

The malware was first revealed by Trend Micro, a security company that named it FacexWorm. They discovered that hackers were using Facebook to spread the malware and misusing Google Chrome, and that the malware has now been updated with additional features. These include the ability to sneak into selected Google and cryptocurrency websites and then steal users’ account credentials. Further, it supports cryptocurrency scams and malicious mining for extra currency.

How Does This Malware Spread and Corrupt Websites?

To start the attack, FacexWorm must be installed on the victim’s system. To get the malicious file onto the system, hackers send an infected link from a known Facebook account to the victim, which directs them to a bogus YouTube website. There, victims are asked to install a malicious extension in order to play videos. If access is granted, the FacexWorm malware enters the system and corrupts it.

But this is not the end: the malware accesses your contact list as well as its control server, and logs into your Facebook account to send more bogus YouTube links to your friends list, so that it keeps distributing itself. If the victim is not using Google Chrome, the link automatically diverts to an unknown advertisement.

What Is FacexWorm?

It is a replica of a regular Google Chrome extension, but infused with malicious code. The extension downloads additional JavaScript code every time the browser is used and a website is opened. If hackers modify the code to gain further access to the credentials from that website, it installs supplementary JavaScript to carry out further actions such as stealing login credentials.

The new version of this malware specifically targets users who trade on cryptocurrency platforms or who even search for keywords like ‘Ethereum’ and ‘Blockchain’ in the URL. Hackers direct these users to a bogus website and ask them to pay for ‘wallet address verification’, with an assurance that they will get their money back.

Moreover, hackers are attempting to gain cryptocurrency by other means, such as sending malicious referral links to users who buy currency via these links. FacexWorm is also targeting customers using a cryptocurrency miner. Furthermore, the malware is able to hide itself: for instance, when the extension management page is opened, FacexWorm instantly closes it. Hackers are also using a shield to protect it from exposure.

The frightening aspect of this attack is that hackers re-upload the extension to Chrome even after it is removed from the Chrome Web Store. If you don’t want to be a victim of such attacks, think before sharing and enable robust privacy settings on your social accounts.
