Brian Jackson - Fotolia
How does FacexWorm malware use Facebook Messenger to spread?
Researchers at Trend Micro found a new strain of malware -- dubbed FacexWorm -- that targets users via a malicious Chrome extension. Discover how this attack works with Nick Lewis.
Trend Micro Inc. researchers recently discovered FacexWorm, a new strain of malware that steals passwords and cryptocurrency funds, runs cryptojacking scripts, and spams Facebook users. How does FacexWorm spread and who is at risk?
Clicking on unknown links found in emails or on social media continues to be a risk, as phishing and many other attacks rely on users not being able to effectively determine if a link is malicious or not. Web browsers have added safe browsing functionalities -- including blacklists -- to prevent end users from falling victim to an attack.
This approach is effective for blocking known malicious websites; however, safe browsing isn't a panacea to stop malicious URLs, and it can be even more difficult to determine if a URL is malicious when the source of the URL is a friend who sends it via Facebook Messenger.
Joseph Chen, fraud researcher at Trend Micro, blogged about a type of malware -- dubbed FacexWorm -- that uses Facebook Messenger to steal passwords, mine cryptocurrency and target cryptocurrency transactions. FacexWorm also uses Facebook Messenger to spread itself to the friends of a targeted account.
When a user clicks on the URL carrying the FacexWorm malware, it takes him to a fake YouTube page that prompts him to install a malicious Chrome extension, although Google has since removed the extension. Users who are not using Chrome are sent to an apparently benign advertisement page.
The users at the highest risk are those who actively trade in or mine cryptocurrency because FacexWorm specifically targets cryptocurrency credentials and actively hijacks transactions.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)