FacexWorm Resurfaces and Spreads through Facebook Messenger

A virus named FacexWorm, an improved version of its predecessor, is spreading via the Facebook Messenger app. It spreads by sending links to unsuspecting users. These malicious links take users to a sham YouTube web page, which then tries to install a counterfeit Chrome browser extension. The fake extension tries to steal passwords, login credentials, personal information, and cryptocurrency present on the infected device. It also seeks to use the affected device for cryptocurrency mining. Finally, the virus hacks the affected user’s accounts and sends the malicious links to the people on their contact list in order to spread further.

How is FacexWorm distributed?

The distribution of this virus includes setting up fake Facebook profiles. These profiles are driven by bots that send malicious links to potential victims. The links lead to redirects, which open a notification window asking the victim to install a browser hacker.

Here is a list of the activities of this virus:

  1. Steals login credentials: When FacexWorm sees that a targeted website's login page is open, it inserts a function that transfers the login credentials to the C&C server after the login form has been filled in and the sign-in button has been clicked. The virus steals login details for the websites Google, CoinHive, and MyMonero.
  2. Pushes a cryptocurrency scam: When the virus identifies that the victim is visiting any one of the 52 targeted cryptocurrency trading platforms, it leads the user to a scam page. It also does so when it identifies that the user is entering keywords like “ethereum” or “blockchain.” The scam lures victims into transferring 0.5-10 ethereum to the hacker’s wallet for the purpose of verification and pledges to give back 5-100. People can alleviate this by closing the webpage and then reopening it to regain regular access to the original page.
  3. Cryptocurrency mining activity: The virus inserts a JavaScript crypto miner into pages accessed by the victim. The miner is an obscure CoinHive script connected to a Coinhive pool. As per the script's settings, the miner is configured to use around one-fifth of the infected computer’s CPU power for one thread. It opens four threads to conduct mining on pages.
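The activities in this list all depend on the extension running its own script inside pages the victim opens, which typically requires the extension's manifest to request access to every site. The following Python script is an added example, not part of the original post: it walks a Chrome profile's `Extensions` directory and lists the extensions that request such access. The `Extensions/<id>/<version>/manifest.json` layout is assumed, and the sample extension IDs and manifests are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension run code on every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_access(manifest: dict) -> dict:
    """Return which manifest fields grant all-site access (empty dict if none)."""
    hits = {}
    for cs in manifest.get("content_scripts", []):
        if BROAD & set(cs.get("matches", [])):
            hits.setdefault("content_scripts", []).extend(cs.get("js", []))
    # Manifest V2 lists host patterns under "permissions", V3 under "host_permissions".
    for key in ("permissions", "host_permissions"):
        found = sorted(BROAD & {p for p in manifest.get(key, []) if isinstance(p, str)})
        if found:
            hits[key] = found
    return hits

def audit_extensions(ext_root: Path) -> list:
    """Walk <ext_root>/<id>/<version>/manifest.json and report all-site access."""
    findings = []
    for path in sorted(ext_root.glob("*/*/manifest.json")):
        ext_id = path.parts[-3]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            # An unreadable manifest is itself worth a manual look.
            findings.append({"id": ext_id, "name": "<unreadable manifest>", "access": {}})
            continue
        access = broad_access(manifest)
        if access:
            findings.append({"id": ext_id, "name": manifest.get("name", "?"), "access": access})
    return findings

def build_sample(root: Path) -> Path:
    """Constructed sample: one narrowly scoped extension, one that injects everywhere."""
    samples = {
        "aaaa": {"name": "Notes", "content_scripts": [{"matches": ["https://example.com/*"], "js": ["n.js"]}]},
        "bbbb": {"name": "Video Helper", "permissions": ["tabs", "<all_urls>"],
                 "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]},
    }
    for ext_id, manifest in samples.items():
        version_dir = root / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_extensions(build_sample(Path(tmp))):
            print(finding["id"], finding["name"], finding["access"])
```

To check a real machine, pass the profile's own `Extensions` folder to `audit_extensions` instead of the sample directory. Many legitimate extensions also request all-site access, so the output is a list to review by hand, not a verdict.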

How can you remove this virus from your computer?

To ensure that this malicious software is completely wiped out from your computer system, security researchers strongly recommend that users boot their computer in safe mode to find and remove the virus’ files. The user will also have to locate and identify the malicious files created by FacexWorm on their computer. Use Norton antivirus software to conduct a full PC scan. Norton antivirus, developed and created by Symantec Corp, is incredibly robust software which will detect and remove this nefarious software in no time. Make sure that you have turned on the auto-update feature. To activate Norton setup, go to Norton.com/myaccount or Norton.com/setup.
