A new malware strain inside Facebook Messenger wants your password, your money and your computer.
The malware, FacexWorm, is a modified version of malware that first appeared in August of 2017, according to cyber-security firm Trend Micro.
It typically starts by sending a link via Facebook Messenger. Clicking the link takes the victim to a fake YouTube page, which then tries to trick the user into installing a YouTube extension for the popular Chrome browser. From there it can steal passwords, try to steal cryptocurrency funds, or use a computer for cryptocurrency mining.
It will also send more fake YouTube links to contacts in order to spread the malware.
The malware is largely designed for conducting rogue cryptocurrency operations. It targets, for example, cryptocurrency exchanges, with the goal of hijacking transactions on popular cryptocurrency trading platforms and ultimately to steal money.
FacexWorm is also designed to do cryptocurrency mining – the method used for releasing new bitcoins – by injecting malicious code into webpages opened by the victim. The result is the victim’s computer is used, without the user being aware, for mining, according to Trend Micro.
“Cryptocurrency mining as a threat has been growing rapidly, and the threat actors have been looking at ways to increase their victim size so they can increase the number of devices performing the mining function,” Jon Clay, director of Global Threat Communications at Trend Micro, told Fox News.
“The more systems, the faster the mining operation, and hence the faster money can be made. This is one of many ways cybercriminals are looking to support their efforts,” he said, while adding Trend Micro has seen a “massive increase” in cryptocurrency mining attacks in 2017.
“This particular campaign uses a number of ways to obfuscate itself, [using a] Chrome extension and Facebook Messenger, to ensure both the ability to stay resident on a machine and to build more victims into the mining effort,” he continued.
Trend Micro posted a research note this week describing FacexWorm.
BleepingComputer, a computer security website, also reported on the malware.