Security researchers at Trend Micro have discovered a malicious extension for the Chrome browser that interferes with users' cryptocurrency transactions in various ways. The malware, called "FacexWorm", enters the victim's browser through a YouTube link that prompts the user to install an extension to play videos. Once it is installed, the virus penetrates the account and distributes the same link among the user's friends.
The FacexWorm virus has extensive capabilities: it intercepts credentials if the user tries to log into Google, MyMonero or Coinhive; when the victim tries to go to certain cryptocurrency trading platforms, the virus redirects him to a scam site that requests a small amount of ether, supposedly for verification purposes; if a user tries to make a transaction on a cryptocurrency platform, the virus replaces the wallet address entered by the user with the attacker's wallet address.
Trend Micro says target currencies include Bitcoin Gold, Bitcoin Cash, Dash, Ethereum, Ethereum Classic, Ripple, Litecoin, Zcash and Monero. And, of course, FacexWorm has the option of using the victim's CPU to mine cryptocurrency. If the affected user tries to remove the malicious extension, the virus prevents him from doing so. If a user tries to open the Chrome extension's management page, the virus simply closes the tab.
FacexWorm was first reported last year. But the virus appears to have targeted adware at first, so there wasn't much activity until Trend Micro discovered it last month. According to Trend Micro, only one case was found in which FacexWorm compromised a bitcoin transaction, according to the address of the attacker's digital wallet, but it is impossible to say exactly how much the attacker actually earned.
According to experts, scammers are constantly trying to upload additional extensions infected by FacexWorm to the Chrome online store, but Google quickly removes them. And Facebook has automatic systems for tracking and blocking fraudulent links.
According to https://www.cyberscoop.com
You May Also Like
Facebook users are being subjected to a new type of cybercrime - they are being asked to pay ransom in Bitcoin
The threats begin the moment the victim receives a small file with a personal password from an adult website in his email. Unlike other similar cases, victims claim that these passwords were valid. Cybercriminals claim that in order to obtain passwords, they infected videos on porn sites with a virus.
DDOS attack on Verge cryptocurrency
Verge (XVG) is a cryptocurrency designed for everyday use and improvement of the original Bitcoin blockchain. Currently, the cryptocurrency is subject to DDOS attacks. The company confirmed this on Twitter: “It appears that several mining pools have experienced DDOS attacks. We are working to resolve the issue.”
