Trend Micro Inc. researchers recently discovered FacexWorm, a new strain of malware that steals passwords and cryptocurrency funds, runs cryptojacking scripts, and spams Facebook users. How does FacexWorm spread and who is at risk?
Clicking on unknown links found in emails or on social media continues to be a risk, as phishing and many other attacks rely on users not being able to effectively determine if a link is malicious or not. Web browsers have added safe browsing functionalities -- including blacklists -- to prevent end users from falling victim to an attack.
This approach is effective for blocking known malicious websites; however, safe browsing isn't a panacea for malicious URLs, and it can be even more difficult to determine whether a URL is malicious when it comes from a friend who sends it via Facebook Messenger.
Joseph Chen, fraud researcher at Trend Micro, blogged about a type of malware -- dubbed FacexWorm -- that uses Facebook Messenger to steal passwords, mine cryptocurrency and target cryptocurrency transactions. FacexWorm also uses Facebook Messenger to spread itself to the friends of a targeted account.
When a user clicks on the URL carrying the FacexWorm malware, they are taken to a fake YouTube page that prompts them to install a malicious Chrome extension. Google has since removed the extension. Users who are not using Chrome are sent to an apparently benign advertisement page.
The users at the highest risk are those who actively trade in or mine cryptocurrency because FacexWorm specifically targets cryptocurrency credentials and actively hijacks transactions.