A new malware campaign rapidly spreading via Facebook is infecting victims’ systems to steal their social media credentials and download cryptomining code.
The malware, dubbed Nigelthorn by the Radware researchers who first discovered it, is being propagated via socially engineered links on Facebook. It has been active since at least March 2018 and has already infected more than 100,000 users globally, they said in a report.
The campaign operators created copies of the legitimate extensions and injected a short, obfuscated malicious script to start the malware operation, Adi Raff, security research team leader at Radware, told Threatpost. This is done to bypass Google’s extension validation checks.