Facebook Messenger Being Used to Distribute FacexWorm Cryptocurrency Mining Virus

FacexWorm is a cryptocurrency-hijacking extension for Google Chrome that spreads around the globe through Facebook Messenger. Hacked Facebook accounts send suspicious links through Facebook Messenger to other Facebook users. These links lead to a YouTube-themed website that prompts users to download the FacexWorm JavaScript code. FacexWorm is a dangerous infection that was detected by Trend Micro; according to their research, it can steal highly sensitive passwords, secretly add data-mining code to targeted websites, and continuously redirect the browser to cryptocurrency scam websites. Some reports say that FacexWorm has also defrauded users of web wallets and digital transaction platforms in the past.

Back in August 2017, some Facebook users reported receiving Facebook messages containing links that redirected to questionable domains. The links redirected to different domains, but the majority led to a YouTube-themed website displaying a message to download a particular Chrome extension in order to see the page content. FacexWorm only attacks the Chrome browser; when it finds Chrome, it redirects the page to questionable domains that contain hidden installers. It is confirmed that the FacexWorm cryptocurrency mining virus uses Facebook Messenger as its primary tool for distributing its spam. The links that appear to be Chrome extension installers are actually the FacexWorm payloads. When you agree to the download, malicious code is injected into the browser that collects the login details and other credentials you provide on any visited webpage.
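The behaviour described above depends on an extension being allowed to run script on every page the user visits. The following is an added example, not code from Trend Micro or from the malware: a Python audit of a Chrome profile's `Extensions` directory that lists extensions whose manifest grants all-site access. The sample manifests are constructed for illustration, and the finding is a prompt for manual review, since many legitimate extensions request the same access.

```python
import json
import sys
from pathlib import Path

# Match patterns that let an extension run on every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not taken from any real extension).
SAMPLE_SUSPECT = {"name": "Video Codec Helper", "manifest_version": 2,
                  "permissions": ["tabs", "<all_urls>"],
                  "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}
SAMPLE_SCOPED = {"name": "Notes", "manifest_version": 3,
                 "host_permissions": ["https://notes.example/*"]}


def audit_manifest(manifest: dict) -> list:
    """Return the reasons a manifest grants access to all websites."""
    reasons = []
    for script in manifest.get("content_scripts", []):
        hits = BROAD & set(script.get("matches", []))
        if hits:
            reasons.append(f"content script injected on {sorted(hits)}")
    # Manifest V2 puts host patterns in "permissions", V3 in "host_permissions".
    listed = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    hits = BROAD & {p for p in listed if isinstance(p, str)}
    if hits:
        reasons.append(f"host access to {sorted(hits)}")
    return reasons


def audit_profile(extensions_dir: Path) -> dict:
    """Scan <profile>/Extensions/<id>/<version>/manifest.json files."""
    findings = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if isinstance(manifest, dict) and audit_manifest(manifest):
            ext_id = path.parent.parent.name
            findings[ext_id] = audit_manifest(manifest)
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    for ext_id, reasons in audit_profile(Path(sys.argv[1])).items():
        print(ext_id, *reasons, sep="\n  ")
```

Run it with the path to a profile's `Extensions` folder as the only argument, then review each listed extension ID on the `chrome://extensions` page.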

According to Trend Micro, they detected Chrome extensions containing FacexWorm links and reported the matter to Chrome staff. Thankfully, the bulk of the questionable extensions have been removed, so there is little risk of these payloads circulating. Before being exposed, the virus had hit Chrome users in major countries including Japan, South Korea, Taiwan, Spain and Germany.

Special Notes for Cryptocurrency Users

If you use a cryptocurrency trading platform, be extremely careful of FacexWorm. It misleads targeted victims by showing links that redirect to a rogue “Wallet Address Verification” domain, which asks them to pay any amount they wish from 0.5 to 1.0 Ether to approve the wallet address. When you do so, the login credentials of your digital wallet are stolen and the cyber-criminals take its entire contents. So there is confirmed wallet and transaction hijacking behind this. FacexWorm also consumes a huge amount of CPU resources in order to earn quick revenue.

To avoid a FacexWorm attack, be careful while browsing and follow safe browsing habits. Use a powerful anti-malware tool for real-time protection.