Warning over new Facebook Messenger malware that steals your passwords


Security researchers have discovered a new form of malware that can install itself on to your device without you knowing and steal your passwords.

The malware, called FacexWorm, first appeared in August 2017 but has has now appeared and is once again infecting devices.

Spotted by security researchers from McAfee, the FacexWorm infects devices by tricking users into clicking on links to fake versions of popular websites such as YouTube.

Once the user clicks on the link it begins to download a malicious Google Chrome extension which purports to fix an error on the device.

However, once the extension is installed it steals Google account login details and other account passwords.

The malware can also steal the login details to your Facebook account and take control of your profile. It can also steal banking and credit card details and install crypto mining software onto your device.

“FacexWorm is a nasty strain that directs victims to fake versions of websites, such as YouTube, and then asks they download a Chrome extension in order to play a video’s content,” McAfee’s Chief Consumer Security Evangelist, Gary Davis wrote in a blog post.

“No shocker here, but the extension is malicious, and actually installs FacexWorm instead, which can then steal account credentials from selected websites, including Google and cryptocurrency websites.”

“Unfortunately, the worm has found a way to wiggle from device to device as well, as it leverages a command-and-control server to access an infected user’s Facebook and multiply the amount of fake YouTube links.”

The malware then spreads by gaining access to your contact list and sending a message containing the malicious link to your friends.

The advice from McAfee is to be vigilant for any messages containing links that may be sent to you via Facebook Messenger.

Avoid any links that may look suspicious, even if they appear to be sent to you by a friend.

“If the content coming from a friend seems strange or out of character, it’s best to remain wary and avoid interacting with the message entirely,” McAfee said.

Other advice includes using strong and secure passwords across your online accounts and making sure you have up to date anti virus software installed.


Comments are closed.