Trend Micro Inc. researchers recently discovered FacexWorm, a new strain of malware that steals passwords and cryptocurrency funds, runs cryptojacking scripts, and spams Facebook users. How does FacexWorm spread and who is at risk?
Clicking on unknown links found in emails or on social media continues to be a risk, as phishing and many other attacks rely on users being unable to tell whether a link is malicious. Web browsers have added safe browsing functionality -- including blacklists -- to prevent end users from falling victim to such attacks.
This approach is effective for blocking known malicious websites; however, safe browsing isn't a panacea to stop malicious URLs, and it can be even more difficult to determine if a URL is malicious when the source of the URL is a friend who sends it via Facebook Messenger.
Joseph Chen, fraud researcher at Trend Micro, blogged about a type of malware -- dubbed FacexWorm -- that uses Facebook Messenger to steal passwords, mine cryptocurrency and target cryptocurrency transactions. FacexWorm also uses Facebook Messenger to spread itself to the friends of a targeted account.
When a user clicks the URL carrying the FacexWorm malware, they are taken to a fake YouTube page that prompts them to install a malicious Chrome extension, although Google has since removed the extension. Users who are not using Chrome are instead sent to an apparently benign advertisement page.
The users at the highest risk are those who actively trade in or mine cryptocurrency because FacexWorm specifically targets cryptocurrency credentials and actively hijacks transactions.