Facexworm

Posted: May 15, 2018

Facexworm Description

Facexworm is a Bitcoin miner Trojan that hijacks your browser for cryptocurrency-generating activities. This threat spreads via Facebook and may compromise the login credentials of any associated accounts in use on an infected computer. Let your anti-malware product remove Facexworm securely first, then change any compromised passwords as soon as possible.

Browser-Enslaved Mining in Your Favorite Social Platform

Threat actors use popular social networks to distribute a range of threats, such as file-locking Trojans like the VevoLocker Ransomware or disguised spyware like StressPaint. Facexworm, one of the latest Trojan campaigns abusing the Facebook platform, demonstrates how frequently con artists subvert online socializing and media services to circulate their threats and enable other attacks. Like most Trojans that receive regular maintenance, Facexworm exists to make money, in its case by taking over the user's Chrome browser.

Facexworm spreads through already-compromised victims by querying their Facebook friends lists and automatically sending messages to these contacts. The included fake YouTube links (which function only in Chrome; otherwise, the browser loads a random advertisement) ask the prospective victim for permission to install an extension. This browser add-on is Facexworm, which includes various cryptocurrency-focused features for taking over the victim's Chrome browser.

Facexworm's features include some that show symptoms to the victim and some that do not. Malware analysts emphasize the following as the core of the Trojan:

  • Besides hijacking Facebook profiles, new versions of Facexworm also take over cryptocurrency trading accounts and activities on various websites. The Trojan also takes over any Bitcoin wallet accounts.
  • Facexworm can redirect the victim from unrelated websites to cryptocurrency referral programs that automatically generate currency for the threat actor.
  • Finally, the Trojan also includes a feature for 'mining' a cryptocurrency automatically by using the infected PC's hardware, such as its CPU. Unlike the previous functions, this one requires no consent from the user and shows few symptoms besides those typically associated with limited system resource availability (such as poor program performance).

Keeping Your Social Life Worm-Free

Since Facexworm requires additional data from a C&C server to finish its installation, users who protect their network traffic with strict firewall rules may block the Trojan at its source. Chrome also notifies the user of extended permissions requests during the install routine, which gives a victim a second chance to refuse the extension. Although Facexworm is removed from the Chrome Web Store regularly, its threat actors re-upload it in response, and the Trojan's campaign is being actively updated and maintained.

Because many of Facexworm's features involve taking over the Chrome web-browsing experience, malware experts recommend using a different browser until the infection is resolved. Conventional anti-malware programs should identify and remove Facexworm easily, as they do most corrupted extensions. Erasing cookies and other temporary browsing data associated with sites promoted by this threat can prevent Chrome from loading related, unsafe content after the Trojan's removal.

For most Facebook users who are not in the habit of tracking their resource-usage statistics, Facexworm may be capable of making Bitcoins off of their browsers and hardware indefinitely. Double-checking your Task Manager for unusual software behavior, checking up on your friends' Web security, and avoiding strange browser extensions are simple but effective responses to 'social' Trojans like this one.
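
The permission requests Chrome shows at install time are also recorded in each installed extension's manifest.json, so they can be reviewed after the fact. The following Python audit is an added example, not part of the original article or of any anti-malware product; the lists of broad host patterns and sensitive APIs are this example's assumptions, not values taken from Facexworm.

```python
import json
from pathlib import Path

# Assumption: which grants count as "broad" is this example's choice,
# not a list taken from Facexworm's manifest (the article does not give one).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_APIS = {"tabs", "cookies", "webRequest", "webRequestBlocking",
                  "management", "history", "nativeMessaging"}


def risky_grants(manifest: dict) -> list[str]:
    """Return the broad host patterns and sensitive APIs a manifest requests."""
    requested = set()
    # Manifest V2 mixes hosts and APIs in "permissions"; V3 splits hosts out.
    for key in ("permissions", "optional_permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts are injected into every page matching these patterns.
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    return sorted(requested & (BROAD_HOSTS | SENSITIVE_APIS))


def audit_extensions(extensions_dir: Path) -> dict[str, list[str]]:
    """Map extension ID -> risky grants; layout is <id>/<version>/manifest.json."""
    findings: dict[str, set[str]] = {}
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        grants = risky_grants(manifest)
        if grants:
            findings.setdefault(manifest_path.parents[1].name, set()).update(grants)
    return {ext_id: sorted(g) for ext_id, g in findings.items()}


# Constructed sample manifest (not a real extension) for a quick check.
SAMPLE_MANIFEST = {
    "manifest_version": 2,
    "name": "Video Codec Helper",
    "permissions": ["tabs", "storage", "<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
}

if __name__ == "__main__":
    print(risky_grants(SAMPLE_MANIFEST))  # ['*://*/*', '<all_urls>', 'tabs']
```

Point `audit_extensions` at the Chrome profile's `Extensions` directory, for example `~/.config/google-chrome/Default/Extensions` on Linux. Many legitimate extensions request these grants too, so a hit is a reason to review that extension, not a verdict.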
