Categories: Education, Malware

Cryptocurrency Malware Education: FacexWorm

Cryptocurrency service providers have been a prime target for criminals for as long as most people can remember. Most recently, security researchers came across FacexWorm, which targets cryptocurrency trading platforms accessed through affected browsers. It is another worrisome development for crypto enthusiasts.

FacexWorm Is a Big Problem

Researchers over at Trend Micro have outlined the potential problems caused by FacexWorm. As the name somewhat suggests, the malware in question is mainly distributed through Facebook Messenger. This is one of the downsides of using increasingly popular instant messaging apps, as they will attract criminals of all kinds sooner or later. In this particular case, it seems Facebook Messenger is the primary method of attack, although different iterations may spread through other messaging solutions.

It seems FacexWorm was designed with one single objective in mind. Through this malware, criminals aim to target cryptocurrency trading platforms. Given the popularity of Bitcoin and other cryptocurrencies as of right now, this development is not surprising in the slightest. Criminals have shown a keen interest in cryptocurrency for some time now, and they will continue to hone their craft in this regard.

The malware will only work if a Facebook Messenger user is first infected with FacexWorm. Once that step is completed, the malware will alter the user’s browser in such a way that it can distribute socially engineered links to friends of affected Facebook accounts. Additionally, it is more than capable of stealing accounts and credentials from websites of interest. As of right now, this interest mainly pertains to cryptocurrency trading, which doesn’t bode well for users of exchanges.

For those exchange users who have two-factor authentication set up, the theft of their login credentials is less of a threat. Although criminals have demonstrated an ability to get 2FA access removed with minimal effort, we can only hope exchanges take notice and plan accordingly. Stealing credentials is only part of the story, though, as FacexWorm can inject malicious mining scripts on webpages and hijack transactions across trading platforms and web wallets.

Thankfully, it seems FacexWorm has not been a successful venture so far. Only one Bitcoin transaction has been compromised by this malware, but that situation may change in the near future. Considering that this malware is delivered through one of the world’s most popular social messaging applications, a lot of damage could be done moving forward. Even so, most users are getting smarter when it comes to avoiding scams and threats, although there’s still a lot of work to be done.

Users can ensure they remain safe from attacks such as FacexWorm. Chrome plugins remain a pretty popular way to distribute this malware, but it seems Google is actively removing those plugins as of right now. Anyone who follows decent security practices should be safe from harm, but it is evident that responsibility mainly rests in the hands of cryptocurrency enthusiasts right now.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
