Malware dubbed FacexWorm is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms. Malware is a clone of a normal Chrome extension but injected with short code containing its main routine. It downloads additional JavaScript code from the C&C server when the browser is opened. It then automatically obtains victim’s friend list and sends malicious, fake YouTube video link to friends of affected Facebook account to spread itself like a worm. The malware also injects cryptocurrency miner to web pages opened by the victim, which utilizes the victim computer’s CPU power to mine Cryptocurrency for attackers.
Source: https://thehackernews.com/2018/05/facebook-cryptocurrency-hacking.html