Cryptocurrency-Targeting Malware Spreads via Facebook Messenger

THELOGICALINDIAN - A malicious Chrome extension discovered by Kaspersky Labs in August 2024, which targets cryptocurrency trading platforms, resurfaced with a spike in April 2024. The malware reportedly made attempts in a number of countries, including Japan and South Korea.

Malicious Chrome Extension Spreads Via Facebook Messenger to Target Cryptocurrency Trading Platforms

In August 2024, Kaspersky Labs researcher David Jacoby found an advanced form of malware which used Facebook Messenger to infect victims’ systems. It did this by displaying a fake error message in a redirected website that tricked users into downloading a malicious Google Chrome extension from the Google Web Store. TrendLabs found the same malware again in April 2024 after a spike in reports in Germany, Tunisia, Japan, Taiwan, South Korea, and Spain.

Named FacexWorm by the TrendLabs team, the malicious extension lists and sends socially engineered links to the friends of an affected Facebook account and is capable of stealing accounts and credentials of its websites of interest, mostly cryptocurrency trading platforms. FacexWorm is a clone of a normal Chrome extension but injected with short code containing its main routine. It redirects victims to cryptocurrency scams with malicious mining code on the webpage and hijacks transactions by replacing the recipient address with the attacker’s in trading platforms and web wallets.

FacexWorm propagates through Facebook Messenger as it redirects to a fake YouTube page that asks users to install a codec extension in order to play the video, which then requests privileged access. The granted permission leads to a stream of downloads of additional malicious code from its command-and-control (C&C) server and Facebook in order to further spread the malware through the account’s contact list. If users are using browsers other than Chrome’s desktop version, the malware link diverts to a random advertisement.
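
One way a defender could triage installed extensions for the broad access and post-install code download described above. This is an added example, not part of the original article or of TrendLabs' research; the rule set and the sample manifests are assumptions constructed for illustration, since the article does not list the permissions FacexWorm requests.

```javascript
// Added example: flag Chrome extension manifests that request broad access.
// Assumption: these rule sets are illustrative, not FacexWorm's actual permissions.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const SENSITIVE_APIS = new Set(["tabs", "webRequest", "cookies", "management", "scripting"]);

// Collect every host pattern a manifest can act on (MV2 and MV3 layouts).
function hostPatterns(manifest) {
  const perms = manifest.permissions || [];
  const hosts = manifest.host_permissions || []; // MV3
  const optional = manifest.optional_host_permissions || []; // MV3
  const scripts = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  // In MV2, host patterns sit in "permissions" next to API names.
  const mv2Hosts = perms.filter((p) => p.includes("://") || p === "<all_urls>");
  return [...new Set([...hosts, ...optional, ...scripts, ...mv2Hosts])];
}

function auditManifest(manifest) {
  const reasons = [];
  const broad = hostPatterns(manifest).filter((h) => BROAD_HOSTS.has(h));
  if (broad.length) reasons.push(`runs on all sites: ${broad.join(", ")}`);
  const apis = (manifest.permissions || []).filter((p) => SENSITIVE_APIS.has(p));
  if (apis.length) reasons.push(`sensitive APIs: ${apis.join(", ")}`);
  // An MV2 CSP string that allows remote script sources lets the extension
  // pull more code after install.
  const csp = typeof manifest.content_security_policy === "string"
    ? manifest.content_security_policy : "";
  if (/script-src[^;]*https?:/.test(csp)) reasons.push("CSP allows remote script sources");
  // Queue for manual review only when all-site reach combines with another signal.
  const review = broad.length > 0 && reasons.length > 1;
  return { name: manifest.name || "(unnamed)", review, reasons };
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLES = [
  { name: "Video Codec Helper", manifest_version: 2,
    permissions: ["tabs", "<all_urls>"],
    content_security_policy: "script-src 'self' https://cdn.example.test; object-src 'self'" },
  { name: "Dictionary Lookup", manifest_version: 3,
    permissions: ["storage"], host_permissions: ["https://dictionary.example.test/*"] },
];

function auditAll(manifests) { return manifests.map(auditManifest); }
console.log(JSON.stringify(auditAll(SAMPLES), null, 2));
```

A match is a prompt for manual review rather than a verdict, because many legitimate extensions also request all-site access.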

The malware steals the victim’s account credentials for Google, MyMonero, and Coinhive, and redirects the user to a scam webpage if the browser accesses one of the 52 cryptocurrency trading platforms it targets or if the user searches for cryptocurrency-related keywords. The scam asks the user to send 0.5 – 10 ether (ETH) to the attacker’s wallet address for verification purposes and promises to send back 5 – 100 ETH.

FacexWorm also abuses the user’s computer for malicious web cryptocurrency mining, as it uses 20 percent of CPU power for each thread and opens four threads for mining on web pages. Moreover, the victim is vulnerable to cryptocurrency transaction hijacking, as the malware locates the address keyed in by the victim and replaces it with another specified by the attacker. FacexWorm also earns money through cryptocurrency-related referral programs, and it has redirected users to a number of websites, including Binance, DigitalOcean, FreeBitco.in, FreeDoge.co.in, and HashFlare.