Malware that mines virtual currency by infecting via Facebook messenger "FacexWorm"
Malware infected by security company Trend Micro via Facebook messenger "FacexWormWe announced a report about. FacexWorm steals Google account information stored on the infected PC, it hides the user and mining virtual currency and consumes CPU power. Trend Micro is sent by Facebook messenger We are calling attention not to step on the link easily.
FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation - TrendLabs Security Intelligence Blog
FacexWorm is malware discovered in August 2017. In April 2018, activities in Germany, Tunisia, Japan, Taiwan, South Korea and Spain were reported, and it turned out that infection of FacexWorm was rapidly expanding.
FacexWorm sends a link to Facebook friends via Facebook Messenger. When you access the link, you will be redirected to a fake page pretending to be a video streaming site like YouTube.
At the same time, a popup prompting you to install extensions for Chrome appears and permissions and FacexWorm are infected. Also, FacexWorm closes as soon as it detects that the user opens Chrome's "Extensions" settings page (chrome: // extensions /) and interferes with access to the configuration screen. In addition, when accessing with other web browsers, it is only displaying harmless advertisements.
Since the Chrome Web Store has deleted many of malicious extensions before Trend Micro's report, Facebook messenger can also detect malicious links and prevent spreading infection by blocking it, so FacexWorm Trend Micro has announced that it is sufficiently possible to suppress the spread of infection of the infection.
Like FacexWorm spreading infection via Facebook messenger as virtual currency mining malware as "Digmine"Was also reported in December 2017. Trend Micro calls for responding with sufficient vigilance without accessing defenseless even if the link flew from a good friend.