Security researchers at Trend Micro have discovered a malicious extension for the Chrome browser that interferes with users' cryptocurrency transactions in various ways. The malware, called "FacexWorm", enters the victim's browser through a YouTube link that prompts the user to install an extension to play videos. Once it is installed, the virus penetrates the account and distributes the same link among the user's friends.
The FacexWorm virus has extensive capabilities: it intercepts credentials if the user tries to log into Google, MyMonero or Coinhive; when the victim tries to go to certain cryptocurrency trading platforms, the virus redirects him to a scam site that requests a small amount of ether, supposedly for verification purposes; if a user tries to make a transaction on a cryptocurrency platform, the virus replaces the wallet address entered by the user with the attacker's wallet address.
Trend Micro says target currencies include Bitcoin Gold, Bitcoin Cash, Dash, Ethereum, Ethereum Classic, Ripple, Litecoin, Zcash and Monero. And, of course, FacexWorm has the option of using the victim's CPU to mine cryptocurrency. If the affected user tries to remove the malicious extension, the virus prevents him from doing so. If a user tries to open the Chrome extension's management page, the virus simply closes the tab.
FacexWorm was first reported last year. But the virus appears to have targeted adware at first, so there wasn't much activity until Trend Micro discovered it last month. According to Trend Micro, only one case was found in which FacexWorm compromised a bitcoin transaction, according to the address of the attacker's digital wallet, but it is impossible to say exactly how much the attacker actually earned.
According to experts, scammers are constantly trying to upload additional extensions infected by FacexWorm to the Chrome online store, but Google quickly removes them. And Facebook has automatic systems for tracking and blocking fraudulent links.
According to https://www.cyberscoop.com
You May Also Like
Know your enemy: white hat hacker Tayo Dada reveals how cybercriminals operate
Not long ago, British Airways and Facebook were on the long list of hacker victims. Such events hit the reputation of companies quite hard; many clients stop trusting them. But what do the hackers themselves get as a result of these attacks?
Amazon Fire TV media player may be infected with Android virus
Watching pirated movies or TV channels through the Amazon Fire TV Stick or Amazon Fire TV media player can infect your Android device with malware that allows for hidden mining.
