Security firm Trend Micro’s researchers have identified a cryptocurrency hijacking Google Chrome extension similar to Digmine at the end of April 2018 that can hijack Bitcoin transactions before getting detected. The extension utilizes an already discovered malware called FacexWorm.
The malware was first spotted in August last year on Facebook Messenger when it sent out fake messages in an attempt to steal passwords and other sensitive information from users on the platform.
Since the time FacexWorm was detected, security experts were keeping an eye on its activities and in April 2018 they detected that its activity has substantially increased. The main target of FacexWorm even this time around is Facebook users across the globe.
If FacexWorm identifies that the browser isn’t Chrome, it redirects the user to a harmless advertisement.
The malware is capable of stealing passwords, cryptocurrency can even perform crypto jacking, injecting malicious mining codes into preferred websites as well as hijack transactions and web wallets.
Interestingly enough, the blog post states, FacexWorm malware specifically targets cryptocurrency trading portals by searching for keywords such as ‘blockchain’ and ‘ethereum’ present in the URL. Once detected, it will apparently prompt the user to verify wallet address payment by sending a token amount of Ether. While there seems to be no possibility of getting the money back, researchers say only one Bitcoin transaction has been compromised in the ordeal yet.