FacexWorm, a Malicious Chrome Extension, Proliferates via Facebook Messenger
FacexWorm, a malware-laced Chrome extension, has been detected attacking crypto-currency trading services. It spreads through Facebook Messenger and steals login credentials for Google, MyMonero and Coinhive.
A blog post dated April 30, 2018 reports that the malicious program was first detected in August 2017, although security researchers at Trend Micro observed a rise in its activity at the same time as external reports revealed FacexWorm emerging in Japan, Tunisia, Germany, Spain, South Korea and Taiwan.
The malicious program sends socially engineered links to the contacts of the infected Facebook account owner. Potential victims can then be diverted to crypto-currency scam campaigns, have malicious mining code injected into the web pages they visit, and be redirected to the attackers' crypto-currency referral links.
Researchers at security firm Trend Micro, who named the malicious program FacexWorm, state that while FacexWorm continues to propagate through Facebook and then abuse Google Chrome, many of the worm's capabilities have been completely reworked. ZDnet.com posted this on May 1, 2018.
The reworked capabilities include stealing account credentials for Google and for targeted crypto-currency websites. The worm also pushes its own crypto-currency scams and mines on infected computers to obtain more currency. It targets users of crypto-currency trading forums by searching for keywords such as 'ethereum' or 'blockchain' in the web address.
Besides, FacexWorm maintains persistence on the infected system without being noticed by the user, who could otherwise remove the extension from the computer. It can tell when the victim opens Chrome's extension management page, and it closes the related tab.
Lastly, when end-users attempt to visit particular websites, FacexWorm's malicious extension diverts them to referral URLs, which is another way for the attackers to make money from infected hosts.
The referral links are reportedly for the sites DigitalOcean, Binance, HashFlare, FreeDoge.co.in and FreeBitco.in. End-users are urged to be wary of what they access and what they share with others online.
Trend Micro stated that it shut down the FacexWorm scam as soon as it began and informed Facebook and Google. Subsequently, Chrome Web Store staff removed the extension, while Facebook blacklisted the domains tied to the spam messages.
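For defenders, the self-protection behaviour described above (closing the tab when Chrome's extension management page is opened) can be turned into a triage check over the extensions installed in a browser profile. The Python below is an added example, not code from Trend Micro or from the reports cited here; the two string heuristics, the fixture names and the function names are assumptions, and obfuscated scripts will not match them.

```python
import json
import re
import tempfile
from pathlib import Path

# Heuristic assumptions, not indicators taken from the article: script text that
# names Chrome's extension management page and also closes tabs.
MGMT_PAGE = re.compile(r"chrome://extensions", re.I)
TAB_CLOSE = re.compile(r"\btabs\s*\.\s*remove\b")

def scan_extension(version_dir):
    """Return a finding for one unpacked extension directory, or None."""
    version_dir = Path(version_dir)
    try:
        manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
        name, perms = manifest.get("name", "?"), manifest.get("permissions", [])
    except (OSError, ValueError, AttributeError):
        return None  # missing, unreadable or malformed manifest
    mgmt, close = [], []
    for js in sorted(p for p in version_dir.rglob("*.js") if p.is_file()):
        text = js.read_text(encoding="utf-8", errors="replace")
        for pattern, bucket in ((MGMT_PAGE, mgmt), (TAB_CLOSE, close)):
            if pattern.search(text):
                bucket.append(js.relative_to(version_dir).as_posix())
    if not (mgmt and close):
        return None  # both signals must be present to flag the extension
    return {"id": version_dir.parent.name, "name": name, "permissions": perms,
            "management_page_refs": mgmt, "tab_close_calls": close}

def scan_profile(extensions_root):
    """Chrome stores extensions as <root>/<extension id>/<version>/manifest.json."""
    manifests = sorted(Path(extensions_root).glob("*/*/manifest.json"))
    return [hit for m in manifests if (hit := scan_extension(m.parent))]

def build_constructed_profile(root):
    """Constructed fixtures holding inert token strings only, not real samples."""
    fixtures = {"aaaa": ("Notes", "console.log('saved');"),
                "bbbb": ("Video Helper", "var p = 'chrome://extensions/'; chrome.tabs.remove(0);")}
    for ext_id, (name, script) in fixtures.items():
        d = Path(root) / ext_id / "1.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": name, "permissions": ["tabs"]}))
        (d / "background.js").write_text(script)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_profile(tmp)
        for hit in scan_profile(tmp):
            print(hit)
```

A hit is a reason to review the extension by hand rather than proof of infection, since legitimate tab-management extensions can match both patterns.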
» SPAMfighter News - 5/8/2018