Trend Micro had already spotted FaceXWorm, a malware presented in the form of an extension dedicated to the Chrome browser and that was then intended to send messages to the user's contacts on Messenger inviting them to click on a link to see a video. The malware invited to install a vertious extension that was then responsible for stealing their Google credentials, Coinhie or Monero.
And the malware had not yet delivered all its secrets since it appears that it is also in the ability to exploit the host PC to undermine cryptodevises without the knowledge of the user.
With this type of malware, cybercriminals have a potentially huge mining power that depends on the importance of the infection of the user pool. If Google had removed some extensions of its store, hackers multiply the outputs and hide the malware in various plug-ins.
The only parry proposed so far is to avoid clicking a little too fast on links shared by Messenger and not accept the installation of plug-ins returned by unknown links.
