Security researchers at Trend Micro have discovered a malicious extension for the Chrome browser that interferes with users' cryptocurrency transactions in several ways. The malware, called "FacexWorm", reaches the victim's browser through a YouTube link that prompts the user to install an extension in order to play videos. Once installed, the virus gains access to the user's account and sends the same link to the user's friends.
The FacexWorm virus has extensive capabilities. It intercepts credentials when the user tries to log in to Google, MyMonero or Coinhive. When the victim tries to visit certain cryptocurrency trading platforms, the virus redirects them to a scam site that requests a small amount of ether, supposedly for verification purposes. If the user tries to make a transaction on a cryptocurrency platform, the virus replaces the wallet address the user entered with the attacker's wallet address.
Trend Micro says the targeted currencies include Bitcoin Gold, Bitcoin Cash, Dash, Ethereum, Ethereum Classic, Ripple, Litecoin, Zcash and Monero. And, of course, FacexWorm can use the victim's CPU to mine cryptocurrency. If the affected user tries to remove the malicious extension, the virus prevents them from doing so: when the user tries to open Chrome's extension management page, the virus simply closes the tab.
FacexWorm was first reported last year. The virus appears to have been geared toward adware at first, so there was not much activity until Trend Micro discovered it last month. Judging by the address of the attacker's digital wallet, Trend Micro found only one case in which FacexWorm compromised a bitcoin transaction, but it is impossible to say exactly how much the attacker actually earned.
According to experts, scammers are constantly trying to upload additional extensions infected by FacexWorm to the Chrome online store, but Google quickly removes them. And Facebook has automatic systems for tracking and blocking fraudulent links.
According to https://www.cyberscoop.com
