In April 2018, a piece of malware named FacexWorm spread through Facebook Messenger all the way to cryptocurrency trading platforms and web wallets. With the recent wave of cyber-attacks, we are now observing a 4000% spike in crypto-related malware attacks since January 2018, as reported by Malwarebytes.
FacexWorm was first discovered in August 2017 by Kaspersky Lab engineers, with no efficient antidote.
Thanks to its impressively sophisticated social engineering, cross-platform coordination, and viral propagation capabilities, Trend Micro raised the FacexWorm alarm and is actively collaborating with Facebook and Google Chrome to stop the digital epidemic, so to speak.
The largest number of infected crypto-traders is located in Germany, Spain, Tunisia, Japan, Taiwan and South Korea, while the total amount of stolen funds remains unknown.
How Does it Spread?
Technically, FacexWorm is a clone of a Chrome extension that contains a short script driving its main routine. The malware appears in Messenger and starts by displaying a fake error message that directs users to a fake YouTube page. It then tricks them into installing a Google Chrome extension. Nothing appears dubious, as the attacker seems to know exactly what he is doing and is able to publish directly on the Chrome Web Store. While a promotional video plays, the extension requests, and is granted, the hidden privileged access it needs.
FacexWorm propagates through social media and into your trading platform wallet. Source: Trend Micro
Subsequently, the malicious code sends links to the friend list of the infected trader’s Facebook account. These infected links are capable of harvesting credentials for the websites the attacker is interested in. Victims are then redirected to cryptocurrency scams, while the malware hijacks transactions by replacing the recipient address with the attacker’s own in every web wallet, cold wallet or active trading platform.
An Endless Problem For Vulnerable Traders
FacexWorm is not the first malware to have spread through Messenger. In late 2017, Dubmine had tapped Facebook Messenger users to mine Monero (XMR) once their computer was infected, likewise after getting them to install a Chrome extension, which has since been deleted by Google. As with Dubmine, Google has already deleted the Chrome extension responsible for infecting users and spreading the malware through Messenger.
Last month as well, yet another malware was widely reported and discussed across various web media outlets. Named PyRoMine, this cryptocurrency mining malware uses a leaked NSA exploit known as EternalRomance to copy itself onto vulnerable computer systems. PyRoMine is also a covert Monero miner that has the capability of stopping Windows updates and transferring encrypted data from the infected machine.
Another form of cybercrime has also been very fruitful for perpetrators. Ransomware attacks like Petya and WannaCry made the headlines during 2017 and even prompted involvement at a governmental level to prevent future attacks.
The increase in the occurrence of such cyber attacks is raising more and more questions about the security of users, not to mention the shield of anonymity: the very core and promise behind the cryptocurrency concept.
How to Dodge Such Threats?
Malware will always be around as long as people are drawn to free stuff. It’s therefore more important to focus on the proactive steps to take to avoid losing hard-earned cryptos to attackers.
- The first step is to stay away from all suspicious cryptocurrency “faucet” websites, unverified email attachments, and dubious Messenger links. Some malware is also embedded in macros in Word or Excel files, and we should all be cautious when downloading material from the Internet. It’s no news: if anything is free, you might be the product after all (or should I say the victim).
- Still within the proactive approach, there are specialized anti-crypto-malware solutions out there like HitmanPro or Malwarebytes.
Finally, since most malware also pops up like undesirable, annoying marketing, installing an ad-blocker might be the first shield we all need.