
Si Cyber Intel: FacexWorm – Aggressive Malware Spreading Through Facebook Messenger
May 2018

A malicious Google Chrome extension named FacexWorm has been aggressively targeting cryptocurrency trading platforms accessed via the Chrome browser. The malware self-propagates through socially engineered links sent via the popular social media platform Facebook Messenger to friends and family of affected Facebook accounts.

FacexWorm was first discovered by researchers in August 2017, although not much was known about the malware at the time. By April 2018, researchers from Trend Micro had noticed a spike in its activity and reported that FacexWorm had resurfaced in Germany, Japan, Tunisia, Taiwan, Spain and South Korea.

Analysis carried out by Trend Micro identified that the malware has morphed into a hybrid: it retains its original features of listing and sending socially engineered web links to contacts of infected Facebook accounts, and it is now also able to steal victims’ account information and credentials of websites hijacked by the malicious extension.

FacexWorm can inject miners into a web page and redirect potential victims to cryptocurrency scams and to the attacker’s referral link for cryptocurrency-related programs. It can also hijack transactions made on trading platforms and in a victim's web wallet by changing the victim's address to that of the attacker.

Although it is currently unknown how much has been earned by this web mining, there have been reports of Bitcoin transactions compromised by FacexWorm.

Victims targeted by FacexWorm are automatically taken to a fake YouTube page that asks them to agree to install the extension before they can access a video. Once installed, FacexWorm downloads additional malicious code from a command-and-control server and opens Facebook. When FacexWorm detects that Facebook is open, it requests an OAuth token from Facebook, which allows the malware to access the victim’s lists of friends and family and continue spreading the fake YouTube links.
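Because the behaviour described above depends on an installed extension that can act on both Facebook and trading pages, one defensive check is to audit the manifests of installed Chrome extensions. The Python sketch below is an added example, not code from Si or Trend Micro; the heuristic (host access to both kinds of site by an extension that is not on an approved list), the placeholder host `trading.example`, the allowlist and all function names are assumptions, not indicators taken from the article.

```python
import json
from pathlib import Path

# Constructed watchlist (assumption): the social site named in the article plus a
# placeholder trading host to replace with the platforms your users actually visit.
SOCIAL_HOST = "www.facebook.com"
TRADING_HOSTS = {"trading.example"}

def pattern_covers(pattern, host):
    """True if a Chrome match pattern's host part covers `host`."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # API permission such as "tabs", not a host pattern
    host_part = pattern.split("://", 1)[1].split("/", 1)[0]
    if host_part == "*":
        return True
    if host_part.startswith("*."):
        base = host_part[2:]
        return host == base or host.endswith("." + base)
    return host_part == host

def host_patterns(manifest):
    """Host patterns from MV2/MV3 permission keys and content_scripts."""
    keys = ("permissions", "optional_permissions", "host_permissions", "optional_host_permissions")
    found = [p for k in keys for p in manifest.get(k, [])]
    for script in manifest.get("content_scripts", []):
        found += script.get("matches", [])
    return [p for p in found if isinstance(p, str)]

def is_suspect(ext_id, manifest, allowlist):
    """Flag unapproved extensions that can touch both the social and a trading host."""
    if ext_id in allowlist:
        return False
    pats = host_patterns(manifest)
    covers = lambda host: any(pattern_covers(p, host) for p in pats)
    return covers(SOCIAL_HOST) and any(covers(h) for h in TRADING_HOSTS)

def scan_profile(profile_dir, allowlist):
    """Check <profile>/Extensions/<id>/<version>/manifest.json; return flagged IDs."""
    flagged = set()
    for path in Path(profile_dir, "Extensions").glob("*/*/manifest.json"):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        if is_suspect(path.parts[-3], manifest, allowlist):
            flagged.add(path.parts[-3])
    return sorted(flagged)

if __name__ == "__main__":  # constructed manifest and ID, not taken from FacexWorm
    print(is_suspect("a" * 32, {"permissions": ["tabs", "<all_urls>"]}, set()))
```

A flagged ID is a prompt for review rather than a verdict: many legitimate extensions request broad host access, which is why the allowlist of approved extension IDs matters.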

For information about Si Cyber’s malware detection and response capabilities, please contact sales@siconsult.com

 
