FacexWorms works just like Digimine, by spreading malicious links over Facebook Messenger via infected accounts to the friends of the account. Upon clicking the link, victims are redirected to a fake Youtube Site which will request the victims to install a chrome extension in order to play the video.

Just like Digmine, FacexWorm also works by sending socially engineered links over Facebook Messenger to the friends of an affected Facebook account to redirect victims to fake versions of popular video streaming websites, like, YouTube.

Once the victims installed the extension, Facexworm will then download additional codes from its command and control server and launch Facebook. Facexworm will subsequently request an OAuth access token from FB when it detects that the site is opened. This allows the virus to send multiple queries to Facebook to retrieve the friend list of the infected accounts and then propagate the malicious fake Youtube links to the friends of the account. The link will direct the user to some random advertisement if the link is accessed in other browsers than the desktop version of Chrome.

Since the extension request for extended permission during installation, the extension will have the ability to read and modify all data on any websites that the victim visits.

We disclosed our findings to Facebook, with whom we have a proactive cybersecurity partnership. The company shared its efforts to fight threats like FacexWorm: “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger.

Researchers from Trend Micro are actively working with Facebook to combat the issue. Besides, team at Chrome Web Store has also been consistently removing the malicious extensions even before the researchers of Trend Micro notified them, however, the attackers are still actively reuploading the malware back to the Chrome Web Store. Facebook Users are advised to be vigilant on clicking suspicious links or files on the platform.

Kindly share this information with your friends and family to safeguard them from falling victim to such malicious attack and to further prevent the propagation of the malicious virus today.