Trend Micro, the popular cybersecurity company, revealed this week that a malicious Chrome extension has resurfaced to target cryptocurrency exchanges. The Google Chrome extension was first detected in 2017 by the cybersecurity company Kaspersky Lab and has reportedly been revamped this year.
In 2017, as discovered by David Jacoby, a researcher at Kaspersky Lab, the malware used Facebook Messenger to send malicious links to Facebook users; clicking a link gave the attacker easy access to the user's Facebook account. It also infected the users' operating systems.
Named FacexWorm by the TrendLabs team, the malware can also send the malicious links to the contacts of an already affected account and steal the user's credentials for MyMonero, Google, and CoinHive. It tricks users of cryptocurrency websites into sending ETH to the attacker's web wallet and also consumes the computer's processing power. FacexWorm is a copy of a regular Chrome extension that has been injected with short code containing its core routine.
Victims may also have their cryptocurrency transactions hijacked: the malware locates the address the victim entered and replaces it with another address specified by the attacker. The malware also makes money through cryptocurrency-related referral programs and has redirected users to numerous websites such as DigitalOcean, Binance, FreeDoge.co.in, HashFlare, and FreeBitco.in.
After propagating via Facebook Messenger, the malicious link redirects to a bogus YouTube page that asks the user to install a codec extension in order to play the video. The extension then requests privileged access. If permission is granted, a series of further malicious code is downloaded from Facebook and the command-and-control server. In this process the malware spreads further via the account's friend list. If the user is on a browser other than the desktop version of Chrome, the malicious link instead diverts to bogus advertisements.
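
The privileged-access request is the point where a defender can still intervene. The following added example (not from Trend Micro or the original article) audits an extension's `manifest.json` for the reach such behaviour needs. The watched domains are assumed for the services the article names, and both manifests are constructed sample data, not FacexWorm's real manifest.

```javascript
// Added example (not from the article). Domains are assumed for the services
// the article names; both manifests below are constructed sample data.
const WATCHED_DOMAINS = ["facebook.com", "google.com", "mymonero.com", "coinhive.com"];
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// True if a Chrome match pattern could match a host at or under `domain`.
function touchesDomain(pattern, domain) {
  if (BROAD.has(pattern)) return true;
  const m = /^(?:\*|https?):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false; // not an http(s) host pattern
  const host = m[1].replace(/:\d+$/, "");
  if (host === "*") return true;
  const wildcard = host.startsWith("*.");
  const base = wildcard ? host.slice(2) : host;
  return base === domain || base.endsWith("." + domain) ||
    (wildcard && domain.endsWith("." + base));
}

// Collect every host pattern the extension can act on (MV2 and MV3 layouts)
// and report whether it reaches all sites or any watched domain.
function auditManifest(manifest) {
  const isPattern = (p) =>
    typeof p === "string" && (p === "<all_urls>" || p.includes("://"));
  const granted = [...(manifest.permissions || []),
                   ...(manifest.host_permissions || [])].filter(isPattern);
  const injected = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const patterns = [...new Set([...granted, ...injected])];
  return {
    name: manifest.name,
    broad: patterns.some((p) => BROAD.has(p)),
    injectsScripts: injected.length > 0,
    reach: WATCHED_DOMAINS.filter((d) => patterns.some((p) => touchesDomain(p, d))),
  };
}

// Constructed: a "codec" extension asking for far more than video playback needs.
const suspectManifest = {
  name: "Video Codec Helper", manifest_version: 2,
  permissions: ["tabs", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};
// Constructed: an extension scoped to a single video site.
const narrowManifest = {
  name: "Playback Speed", manifest_version: 3,
  permissions: ["storage"],
  content_scripts: [{ matches: ["https://www.youtube.com/*"], js: ["speed.js"] }],
};

for (const m of [suspectManifest, narrowManifest]) console.log(auditManifest(m));
```

An extension that claims to be a video codec but reports `broad: true` with reach into account and wallet sites is asking for access unrelated to its stated purpose.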