A malicious Google Chrome extension has been reworked to target cryptocurrency exchanges.
The malware, named FacexWorm, was remade to steal user information for Google, MyMonero, and Coinhive. It also promotes a scam that tricks users into sending Ether to the attacker’s wallet, and it drains the computer’s processing power for mining.
The extension can also hijack cryptocurrency transactions on many major exchanges, such as Poloniex, HitBTC, Bitfinex, and Binance, as well as in Blockchain’s (formerly Blockchain.info) wallet.
First discovered in August 2017, the malware used Facebook Messenger as a medium to send malicious links that provided the attacker access to the victim’s Facebook account while also infecting their operating system.
Trend Micro, the firm that has been following the attacks, has reported that Chrome had removed many of the FacexWorm extensions before the firm discovered that the malware had resurfaced, and that Facebook Messenger has been detecting and blocking the infected links.