
How does FacexWorm malware use Facebook Messenger to spread?

Researchers at Trend Micro found a new strain of malware -- dubbed FacexWorm -- that targets users via a malicious Chrome extension. Discover how this attack works with Nick Lewis.

Trend Micro Inc. researchers recently discovered FacexWorm, a new strain of malware that steals passwords and cryptocurrency funds, runs cryptojacking scripts, and spams Facebook users. How does FacexWorm spread and who is at risk?

Clicking on unknown links found in emails or on social media continues to be a risk, as phishing and many other attacks rely on users not being able to effectively determine if a link is malicious or not. Web browsers have added safe browsing functionalities -- including blacklists -- to prevent end users from falling victim to an attack.

This approach is effective for blocking known malicious websites; however, safe browsing isn't a panacea to stop malicious URLs, and it can be even more difficult to determine if a URL is malicious when the source of the URL is a friend who sends it via Facebook Messenger.

Joseph Chen, fraud researcher at Trend Micro, blogged about a type of malware -- dubbed FacexWorm -- that uses Facebook Messenger to steal passwords, mine cryptocurrency and target cryptocurrency transactions. FacexWorm also uses Facebook Messenger to spread itself to the friends of a targeted account.

When a user clicks on the URL carrying the FacexWorm malware, it takes him to a fake YouTube page that prompts him to install a malicious Chrome extension. Google has since removed the extension. Users who are not using Chrome are sent to an apparently benign advertisement page.

The users at the highest risk are those who actively trade in or mine cryptocurrency because FacexWorm specifically targets cryptocurrency credentials and actively hijacks transactions.


This was last published in October 2018
