Trend Micro Inc. researchers recently discovered FacexWorm, a new strain of malware that steals passwords and cryptocurrency funds, runs cryptojacking scripts, and spams Facebook users. How does FacexWorm spread and who is at risk?
Clicking on unknown links found in emails or on social media continues to be a risk, as phishing and many other attacks rely on users being unable to tell whether a link is malicious. Web browsers have added safe browsing functionalities -- including blacklists -- to prevent end users from falling victim to an attack.
This approach is effective for blocking known malicious websites; however, safe browsing isn't a panacea for malicious URLs, and it can be even more difficult to determine whether a URL is malicious when it comes from a friend who sends it via Facebook Messenger.
Joseph Chen, fraud researcher at Trend Micro, blogged about a type of malware -- dubbed FacexWorm -- that uses Facebook Messenger to steal passwords, mine cryptocurrency and target cryptocurrency transactions. FacexWorm also uses Facebook Messenger to spread itself to the friends of a targeted account.
A user who clicks on the URL carrying the FacexWorm malware is taken to a fake YouTube page that prompts them to install a malicious Chrome extension; Google has since removed the extension. Users who are not using Chrome are sent to an apparently benign advertisement page.
The users at the highest risk are those who actively trade in or mine cryptocurrency because FacexWorm specifically targets cryptocurrency credentials and actively hijacks transactions.