Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency

By on

Facebook Messenger, a feature included within the popular social media network, has grown to become a widely-used platform for friends and loved ones to instantly communicate with one another. According to Kim Komando, over 1.2 billion people use Facebook Messenger today. And now cybercriminals are using it to communicate their latest phishing scheme to innocent users, as crooks are sending messages that are laced with FacexWorm malware via Facebook Messenger.

Aptly named, FacexWorm is a nasty strain that directs victims to fake versions of websites, such as YouTube, and then asks they download a Chrome extension in order to play a video’s content. No shocker here, but the extension is malicious, and actually installs FacexWorm instead, which can then steal account credentials from selected websites, including Google and cryptocurrency websites. What’s more, the malware variant can also hijack traffic from cryptocurrency trading platforms and steal funds, as well as crypto-jack a device by injecting malicious crypto-mining code on a webpage.

Unfortunately, the worm has found a way to wiggle from device to device as well, as it leverages a command-and-control server to access an infected user’s Facebook and multiply the amount of fake YouTube links. These links are then sent to the user’s contacts in order to further spread FacexWorm. If the link is sent to a user who isn’t using Google Chrome, the link instead redirects to a random advert.

With FacexWorm slithering its way through Facebook accounts, what can users of the popular platform do to fight back against the malware? For starters, you can follow these security pointers:

  • Be careful what you click on. Be sure to only click on links from a trusted source.  Even then, if the content coming from a friend seems strange or out of character, it’s best to remain wary and avoid interacting with the message entirely.
  • Change your account login info immediately. Since one of FacexWorm’s main goals is to steal credentials to crucial sites, it’s important you change up your login to your Google account, any cryptocurrency accounts, and others you think may be affected by this attack. Be sure to make your next password strong and complex, so it will be hard for cybercriminals to crack.
  • Stay protected while you browse. Sometimes it’s hard to identify if an email or social media message is coming from a cybercriminal. Add an extra layer of security to your browser and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Categories: Consumer Threat Notices
Tags: ,

Leave a Comment

Similar articles

The McAfee Mobile Research team recently found an active phishing campaign using text messages (SMS) that tricks users into downloading and installing a fake voice-message app which allows cybercriminals to use infected devices as network proxies without users’ knowledge. If the fake application is installed, a background service starts a Socks proxy that redirects all ...
Read Blog
Here's some cool trivia for you: What profession currently has a zero-percent unemployment rate, pays an average of $116,000 a year, and is among the top in-demand jobs in the world? A lawyer? A pharmacist? A finance manager, perhaps? Nope. The job we're talking about is a cybersecurity specialist and, because of the increase in cyber ...
Read Blog