FacexWorm Malware Targets Crypto

Gerard Antonucci
2 min readMay 3, 2018

--

www.blueprotocol.com

A resurface of the Facebook Messenger malware named “FacexWorm” is back on the attack but with a new target, your crypto assets.

The malware was first discovered in August 2017. However, within the past month, Cybersecurity research firm TrendMicro discovered an unusual spike in the malwares activity.

After their analysis, it was discovered that the malware was specifically targeting cryptocurrency enthusiasts.

How does it work?

Source: TrendMicro

The malware works by taking over a Facebook users profile and sending socially engineered links to that affected users friends list. Once the friend clicks on the link, it directs you to a fake Youtube page with a popup stating that you must download the Koblo extensions to view the video (as shown beside and below).

Source: TrendMicro

Once the user adds the extension, it has the capability to do the following.

Search browser history for cryptocurrency credentials

Hijack transactions

Redirect you to crypto related scams

Inject malicious code to mine crypto off of your computer through your browser

According to TrendMicro, they have only discovered one bitcoin transaction that has been caused by a compromised by the malware.

Keeping your crypto safe

Check out my article How to keep yourself protected from crypto scams for the ultimate guide to keeping your digital assets as secure as possible.

What are your thoughts on these frequent crypto scams? Comment below! I’d love to discuss.

Helpful Links

--

--

Gerard Antonucci

Crypto Marketer, Writer, and Data Collector. I love helping spread knowledge to the crypto community