Chrome Malware Attacks Crypto Users
The Trend Micro blog reported that the company's Cyber Safety Solutions team identified a new type of malware that targets cryptocurrency trading platforms and exchanges accessed from an affected device. The team that identified it named the malware FacexWorm.
It disguises itself as a Chrome extension and has been spreading lately through Facebook Messenger. Trend Micro has already notified Chrome, and many of these extensions were removed.
The virus itself isn't new, as the first cases were found in August 2017. However, it wasn't known how it works. Recently, it became possible to work out its likely malicious strategy. The virus is spread through socially engineered links sent among friends from affected Facebook accounts. The account owner doesn't know that a message is being sent from their account, while their friends think that they simply shared something useful or innocent and don't suspect that the link leads to malicious software. The victim is redirected to a fake YouTube page, which looks exactly like the regular YouTube. It then displays an error stating that, in order to watch the video, the user has to download a special update. Many people can be easily deceived by such a message, as YouTube is a big platform used by millions every day. What is more, the now-installed virus will start spreading new malicious links from the victim's own Facebook account to the rest of their friends.
FacexWorm is able to steal accounts and credentials from websites of its choice. Moreover, it redirects potential victims to cryptocurrency scams, adds hidden mining software, or even steals cryptocurrency by replacing the recipient address with the attackers' own, so that the victim unwittingly sends money to the wrong wallet.
Trend Micro advises users to “think before sharing, be more prudent against unsolicited or suspicious messages and enable tighter privacy settings for your social media accounts.”