A new cryptocurrency mining malware appears to have infected Facebook again, but this time the worm is more complex and sophisticated.

“Our Cyber Safety Solutions team identified a malicious Chrome extension we named FacexWorm, which uses a miscellany of techniques to target cryptocurrency trading platforms accessed on an affected browser and propagates via Facebook Messenger,” explained Trend Micro.

Similar to Dubmine, which caused mayhem on Messenger last year, FacexWorm spreads itself over a malicious Chrome extension that sends links to all of the people in the victim’s list. However, this new malware takes it to another level and displays a very convincing fake YouTube page that asks you for said extension.

Afterwards, the infected computers will be sent to the hacker’s referral links or scam on a cryptocurrency platform instead of the valid pages they the victims tried to access. The virus also tries to steal any account data for cryptocurrency sites and Google.

And like in most malware packages, this one also mines cryptocoins for the hacker by using the victim’s computing resources. But FacexWorm does not inject Coinhive’s regular Monero mining script. Instead, it uses an obfuscated version of the code, which infects every website the victim visits.

For those that are worried about getting infected, Chrome removed the extension, leaving the hackers with almost nothing as they apparently only succeeded to infect a small number of computers.

But if you want to avoid being attacked by this malware, be cautious when you click on links sent by people you know and which kind of Chrome extension requests pop up on your browser. You can try searching for the extension’s name followed by the word “virus” and the results should help you figure out if it is safe to install or not.