A New Facebook Messenger Malware Is Targeting Crypto Users


A malicious Google Chrome extension known for its effectiveness has been revamped to target cryptocurrency exchanges, cybersecurity company Trend Micro reported this week.

Trend Micro said in a blog post that the capabilities of the malicious extension, dubbed FacexWorm, «were made over» to steal user credentials for Google, MyMonero, and Coinhive. It also promotes a scam that dupes users into sending ether to the attacker's wallet, and it drains a computer's processing power for clandestine cryptocurrency mining.

The extension can also hijack cryptocurrency transactions on a variety of major exchanges, including Poloniex, HitBTC, Bitfinex, Ethfinex, and Binance, as well as on Blockchain's (previously Blockchain.info) crypto wallet, according to Trend Micro.

First exposed in August 2017, the malware initially used Facebook Messenger to send malicious links that, when clicked on, provided the attacker with access to users' Facebook accounts while also infecting their operating systems. FacexWorm resurfaced in early April of this year.

Trend Micro said it had discovered one affected bitcoin transaction, but it has not identified the value of the plunder garnered from the crypto mining.

The company reported that Chrome removed many of the FacexWorm extensions prior to Trend Micro's discovery and that Facebook Messenger is also capable of detecting and blocking the insidious links the malware uses.

Chrome banned cryptocurrency mining extensions from its Web Store in early April.

Trend Micro advised users to «think before sharing, be more prudent against unsolicited or suspicious messages and enable tighter privacy settings for your social media accounts.»

Google Bans Crypto Mining Browser Extensions


Google has banned cryptocurrency mining browser extensions from the Chrome store.

The U.S. tech giant announced its decision on Monday, and said that in July it will start removing existing browser extensions that facilitate mining. Other blockchain-related extensions are still allowed.

Google previously permitted Chrome mining extensions as long as they were solely dedicated to mining and explicitly informed users of their purpose. But that policy wasn't enough to deter or keep out noncompliant add-ons.

Forum posts from The Chromium Projects — an open-source initiative started by Google to furnish source code for Chrome — show that developers have been concerned about mining extensions since last autumn.

According to Wired, Google decided to implement Monday's ban because the majority of mining extensions submitted to the Chrome Web Store failed to comply with its sole-usage policy.

«The key to maintaining a healthy extensions ecosystem is to keep the platform open and flexible,» James Wagner, Google's extensions platform product manager, told Wired. «This empowers our developers to build creative and innovative customizations for Chrome browser users.» He explained further:

«This is why we chose to defer banning extensions with cryptomining scripts until it became clear that the vast majority of mining extensions submitted for review failed to comply with our single purpose policy or were malicious.»

The mining extension ban comes less than a month after Google announced its plans to ban cryptocurrency-related advertisements.

Clandestine cryptocurrency mining has become increasingly common in recent months, with governments and major companies alike suffering from attacks.

In February, for example, electric vehicle maker Tesla's cloud was compromised by mining malware. U.K. government websites were also exploited by mining malware around the same time.

In January, cybersecurity firm Trend Micro discovered that Google itself was a victim, and that its DoubleClick Ads were used to distribute crypto mining malware.