Dangerous malware appears spreading via Facebook Messenger
Recently, Trend Micro security experts warned users about a new type of malware spreading through Facebook Messenger, aiming to steal login information.
The new malware is called FacexWorm, which operates as an extension on the Google Chrome browser. The new version of FacexWorm has just been integrated with a number of features to steal account information from websites such as Google, cryptocurrency trading sites, redirect victims to malicious websites, exploit device hardware to mine cryptocurrency, etc.
 |
This isn’t the first malware to exploit Facebook Messenger to spread. Late last year, Trend Micro researchers also discovered a Monero mining bot, called Digmine, that spread through Facebook Messenger and targeted Windows users.
Accordingly, cybercriminals will take advantage of hacked Facebook accounts, using them to send malicious links to others via Messenger. When clicked, you will be redirected to fake online video streaming websites with interfaces identical to YouTube, Vimeo... and ask to install additional extensions to watch videos. Note that the FacexWorm extension only targets Google Chrome users, so if you open the link using another browser, the malware will redirect to a regular advertising page.
 |
“FacexWorm will download multiple modules, receiving commands from the server when the browser is opened,” the researchers said. The malware can access or modify any data on the websites that the user opens. To avoid detection or removal, FacexWorm will immediately close the opened tab when it detects that the user is opening the extension management page on Google Chrome.
So far, researchers at Trend Micro have found that FacexWorm has compromised at least one Bitcoin transaction ($2.49), but they don’t know how much money the attackers have made from the malicious sites. FacexWorm malware has been found in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain. However, given the popularity of Facebook Messenger, it’s likely that FacexWorm will spread globally quickly.
Google has now removed the malicious extension from the Chrome Store before Trend Micro researchers issued a warning. Therefore, to be safer when using Facebook, users should limit clicking on malicious links, even if they are sent by friends or relatives.
If you find it useful, don't forget to share the article with many people or leave a comment when you encounter problems during use.
