Facebook Messenger malware is stealing your password and your money

May 5, 2018

The number of Facebook users in the world is staggering. Despite the privacy controversies that plagued the social media giant these past few months, the Facebook user base is still sizeable.

With that said, Facebook’s other communication tool, Messenger, is also the go-to service for many internet denizens. At last count, there were more than 1.2 billion people using Facebook Messenger.

These massive numbers make both services a prime target for cybercriminals. We’re always warning you of the latest scams making the rounds on the social networking giant.

Now, we have learned that a new malware campaign is currently making the rounds on Facebook Messenger and if you get victimized, it can steal your Facebook password, steal your money and exploit your computer to mine cryptocurrency. Yikes!

New Messenger malware you need to know about

The malware we’re talking about is a new version of the FacexWorm. This malware is nothing new. It was first spotted roaming Messenger in August 2017, infecting computers with adware.

Here’s how it works. It is spread with malicious messages sent through Messenger. The message appears to have been sent by someone in the victim’s contact list. However, it’s most likely that the sender’s account has been hacked and their credentials have been stolen.

Warning! Do NOT click the link if you receive this message, it’s malicious.

Here’s an example of what the malicious message looks like:

 

Image: Example of malicious message spreading on Facebook Messenger. (Credit: SecureList)

The malicious messages typically contain a link that takes the victim to a fake YouTube site. If a victim is using Google Chrome, the scammers will try and trick the victim into downloading a malicious Chrome extension.

Note: The extension is currently named “Koblo.” However, the criminals behind the scam could change the extension name at any time in the future as well. 

Old worm, new tricks

FacexWorm’s new trick is, instead of just simply adware, the worm has gained more dangerous abilities.

For one, it can now steal the credentials and passwords of its victims across multiple websites. It can also hijack traffic from trading platforms and steal cryptocurrency funds. And lastly, it can cryptojack your computer by injecting malicious cryptomining code on a webpage.

From there, it can spread even further by sending more malicious messages to a victim’s Messenger contacts.

Note: Cryptojacking is the latest internet threat to watch out for. Click here for a detailed look at how cryptojacking works.

How to protect yourself from this nasty malware

Do NOT click on the link – Now that you know what to look for, do not click on the link if you receive this message (or any unsolicited messages for that matter.)

Warn your friends – If you receive this message, more than likely your friend has been hacked. Let all your friends know immediately so they can warn others not to click on the malicious link. Check your account to see if it’s sending messages that you don’t know about. If it is, you’ve been hacked and need to secure your account ASAP!

Deny Chrome Extension – If you click a link within an unsolicited message and the landing page asks you to install an extension, don’t. Immediately exit out of the page and delete the message. Here’s how to check if a Chrome extension is malicious.

Have strong security software on your gadgets – This is the best way to protect against digital threats.

In other news, medical devices at risk from dangerous KRACK attacks

Remember the KRACK Wi-Fi flaw that was publicly revealed in October 2017? It’s a widespread exploit that affects every WPA2 encrypted device in the world. That means if left unpatched, every Wi-Fi gadget you own – smartphones, computers, routers, tablets – can be exploited. And naturally, the same is true with wireless medical devices.

Tags: cybercriminals, Google, Google Chrome, internet, malware, security