FacexWorm malware has reemerged on the Facebook Messenger app, appropriating information and cryptocurrency from unsuspecting users. The malware directs consumers to fake links urging them to install bogus Chrome extensions.
That is a warning from Clifton, N.J.-based cybersecurity firm Comodo. Last year, the FacexWorm malware inundated Facebook Messenger. It sent out false messages to steal user passwords and other sensitive data such as financial information.
FacexWorm is capable of stealing passwords and cryptocurrencies. It can even perform cryptojacking, injecting malicious mining code into preferred websites, and it can hijack transactions and web wallets.
“In the latest round of re-emergence, FacexWorm has gained new capabilities that include launching cryptocurrency scams, mining infected computers for cryptocurrencies, and stealing user account credentials from websites,” Comodo revealed.
The FacexWorm malware sends socially engineered phony YouTube pages to trusting Facebook Messenger users, advising them to install a codec extension. FacexWorm also targets users who search with keywords such as 'blockchain' and 'ethereum'. Once the malware detects a cryptocurrency search by the user, FacexWorm prompts the user to verify the wallet address payment by sending a token amount. Comodo noted the malware has compromised only one bitcoin transaction so far, though there seems to be no way of getting the money back.
What does FacexWorm Malware Do?
- According to Comodo, once it has entered, FacexWorm requests an OAuth access token for the victim's Facebook account (OAuth is an open standard for access delegation). It then automatically obtains the victim's friends list and sends the malicious links to them as well.
- If FacexWorm recognizes that the victim has opened the target website's login page, it steals the user's account credentials for Google and MyMonero accounts.
- The malware also injects cryptocurrency miner code into websites opened by the victim, which draws CPU power from the victim's device. It can even hijack the user's cryptocurrency-related transactions by locating the address keyed in and replacing it with an address provided by the hacker.
- If the victim tries to remove FacexWorm via Chrome's extension management page, it quickly closes the opened tab.
- Comodo also pointed out that the hacker gets a referral incentive every time a victim registers an account on DigitalOcean, FreeBitco.in, FreeDoge.co.in, or HashFlare.
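The behaviours in the list above depend on an extension that can run on every page the victim opens and can see which page each tab is showing. The following Python audit of Chrome extension manifests is an added example, not code from Comodo or this article; the permission combination it flags is an assumption about what such an extension would need to request, and the sample manifests are constructed.

```python
import json

# Match patterns that cover every site the user opens.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return (risk, findings) for one parsed Chrome extension manifest.json."""
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    # Non-string entries (object-form permissions) are ignored.
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = perms | {h for h in manifest.get("host_permissions", []) if isinstance(h, str)}
    findings = []
    if hosts & BROAD:
        findings.append("host access to all sites")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD:
            findings.append("content script on all sites: " + ",".join(script.get("js", [])))
    all_sites = bool(findings)
    if "tabs" in perms:
        findings.append("tabs permission (exposes the URL and title of every tab)")
    # Assumption: page-wide injection plus tab visibility is the combination
    # the behaviours in the list above would rely on.
    if all_sites and "tabs" in perms:
        risk = "high"
    elif findings:
        risk = "review"
    else:
        risk = "low"
    return risk, findings

# Constructed sample manifests, not taken from any real extension.
SAMPLES = {
    "video-codec-helper": json.loads("""{
        "manifest_version": 2, "name": "Video Codec Helper",
        "permissions": ["tabs", "<all_urls>"],
        "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]
    }"""),
    "notes-widget": json.loads("""{
        "manifest_version": 3, "name": "Notes Widget",
        "permissions": ["storage"],
        "host_permissions": ["https://notes.example.com/*"]
    }"""),
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        print(name, *audit_manifest(manifest))
```

Many legitimate extensions also request these permissions, so a "high" result is a prompt to check where the extension was installed from, not a verdict.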
“The growing popularity of cryptocurrency mining is attracting more and more hackers to target users. Though Google and Facebook have several security measures in place, hackers are trying hard to spread malware like FacexWorm extensions,” Comodo said in a blog. Users should therefore not open suspicious links, as they may carry malware.