The cryptocurrency saga continues. A malicious extension has been removed from Google’s Chrome browser after it was revealed that it had been spreading through Facebook, attempting to steal passwords from unsuspecting users and taking advantage of their PCs to mine cryptocurrency. This isn’t the first time that cyber criminals have attempted to hijack other people’s computers in order to mine cryptocurrency for them. The extension, named FacexWorm, used Facebook Messenger to spread to other users, sending what appeared to be a YouTube link that actually redirected the user to a fake landing page. The extension then communicated with criminal servers in order to download further malicious code onto the user’s PC.
Last month, Google announced that it would no longer accept Chrome extensions that mined cryptocurrency, in a move suspected to coincide with the removal of FacexWorm.
The FacexWorm extension was first discovered last August by a senior security researcher with Kaspersky Lab, with Trend Micro also stating that it first discovered the extension around the same time. However, the removal of the malicious extension appears to have been triggered by a spike in activity among FacexWorm victims last month in parts of Europe and Asia.
Cyber criminals are constantly trying to cook up new ways to earn money, and the soaring value of cryptocurrencies combined with anonymous transactions has made them very appealing to criminals. The extension works in several ways: it sends itself out to everyone on a user’s Facebook friend list, it can redirect users to malicious pages if it detects anything crypto-related being typed into the browser, and it can steal credentials from cryptocurrency websites such as MyMonero and Coinhive, all while using your computer’s processing power to mine currency, at the cost of your electricity bill and PC hardware life.
Facebook and Google have both been attempting to clamp down on these trends, with Google Chrome announcing last month that they will no longer be accepting Chrome extensions that mine currency, and Facebook rolling out features to automatically block cryptocurrency-focused social engineering links when it detects them.
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”
As this threat is combated, another one is sure to rise. We strongly recommend that anyone who is still using an older, traditional antivirus should update to a next-generation antivirus, which can update its definitions in real time and better combat modern cyber security threats. Malware is now developed at such a rate that the signature-based detection system in traditional AV software just doesn’t cut it any more.