A malicious Google Chrome extension was upgraded for use on the cryptocurrency exchanges. About this this week announced Trend Micro, the Japanese company-developer of software for cyber security.

In his blog, Trend Micro said the malicious extension FacexWorm can intercept the user’s credentials for Google, MyMonero, and Coinhive.

When the user sends a payment in the air FacexWorm can replace the wallet address to your recipient, and use the processing power of computers of victims for covert mining.

In addition, according to Trend Micro, this extension can capture the cryptocurrency transactions on major exchanges including Poloniex, HitBTC, Bitfinex, Ethfinex, Binance and Blockchain wallet (formerly Blockchain.info).

The malware was first discovered in August 2017 and originally used Facebook Messenger to send links that directed users to a fake YouTube page that request permission to establish expansion of the codec (FacexWorm) for video playback. Thus the attackers had access to user accounts Facebook, as well as infecting their operating systems.

A surge of new activity of the modified Facexworm were recorded by Trend Micro on April 8. The Japanese company wrote that found one victim from Facexworm bitcoin transaction, but to determine the amount of the stolen money failed.

According Trend Micro, Chrome managed to remove many of the extensions to a perfect FacexWorm them open. Facebook Messenger also able to detect and block the insidious links used BY the malware.

We will remind that before in the beginning of April, Google has removed the browser extensions for mining. According to the Manager extension Google James Wagner (James Wagner), the decision was taken due to the fact that “the vast majority of such plugins does not conform to a single destination or are malicious.”

Trend Micro advised users to “think very carefully before sharing data, to be more cautious with unsolicited or suspicious messages and to include more restrictive privacy settings for their accounts of social networks”.