Trend Micro Sees Malicious Chrome Extension Targeting Cryptocurrency Users
Trend Micro, a security firm, disclosed that a malicious Chrome extension is targeting crypto-related activities, including users of digital currencies, virtual coin exchanges, and companies. The security firm named the extension “FacexWorm” and said that its capabilities were ‘made over’ in the latest version, which increases the possibility of user accounts being stolen. Cyber attackers have been focusing more on the digital currency space in view of its sharp increase in prices and wider adoption rate.
Routine of Listing
Trend Micro disclosed that FacexWorm retains its normal routine of listing the friends of an affected Facebook account and sending them socially engineered links. However, the new version of the malware has the potential to steal not only accounts but also credentials for websites of interest. It would also redirect possible victims to digital currency scams by injecting malicious code for mining purposes on websites, and redirect to the attackers' referral link for virtual currency-associated referral programs.
The malware could also hijack transactions on trading platforms and wallets by replacing the recipient address with that of the cyber attackers. The security firm disclosed that it was able to detect at least one bitcoin transaction compromised with the help of FacexWorm. However, it was not sure how much the cyber attackers could get from that transaction of malicious web mining. The extension was first exposed in August 2017, when Facebook Messenger was used to target people.
The practice adopted was to send social media users a link that would redirect to a duplicate page. Such a page would ask users to agree unwittingly and install a codec extension, known as FacexWorm, so that they could play the video on the specified page. Once that is done, the extension would seek the privilege to access and change data on the website that was opened. It would then commence its malicious activities, that is, contacting the command center.
Trend Micro stated that it was nothing but a clone of a normal Chrome extension, injected with short code that contains the main routine. The malware would also push a cryptocurrency scam by manipulating users into sending ethereum. This is apart from its capacity to attack several trading platforms, including Binance, Ethfinex, Bitfinex, HitBTC, and Poloniex.
No One Found Transferring
However, the security firm indicated that it could not find anyone actually transferring the digital currency, though such a threat was there. Trend Micro also disclosed that Google’s Chrome had removed several FacexWorm extensions before it could find the problem. Similarly, Facebook’s Messenger has the capacity to not only detect but also block the insidious links.
Cyber attacks are a big issue that cryptocurrency exchanges are currently facing. More than half a billion dollars was stolen in Japan in January this year. Similarly, India too witnessed the theft of bitcoins from Coinsecure.