Nigelthorn malware steals Facebook credentials, mines for cryptocurrency

via ZDNet

The malware is spreading across Facebook in order to steal account details and install cryptocurrency mining scripts on victim machines.

A new malware campaign has been uncovered on Facebook which not only steals account credentials but also installs scripts for covert cryptocurrency mining.

Cybersecurity firm Radware said in a blog post on Thursday that Nigelthorn is a new campaign which focuses on the Facebook social network.

The malware is so called due to the abuse of a legitimate Google Chrome extension called “Nigelify,” which replaces images displayed on a web page with pictures of Nigel Thornberry, a cartoon character from the television show The Wild Thornberrys.

Nigelthorn was discovered in May this year and has infected over 100,000 Facebook users in over 100 countries to date.

According to Radware researchers, the Nigelthorn campaign is propagating across the social network through social engineering and private messages and aims to dupe users into downloading malware for the purpose of account hijacking, cryptojacking, and click fraud.

Potential victims will see a message from a connection in their network which tags them in a post or will receive private messages which alternatively contain a malicious link or picture.

If a victim clicks through, the malicious link redirects victims to a fake YouTube page which requests that users install a Google Chrome extension in order to play video content.

See more:

https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/