Nigelthorn Malware Infects 100,000 Users via Facebook, Chrome Extensions

Because of how popular it is among users worldwide, Facebook has often been leveraged in various scams and malware attacks. The social platform is regularly abused by cybercriminals who use it to spread their payloads via malicious links in messages.

The latest such case involves several legitimate-looking Chrome extensions that spread the Nigelthorn malware and have been active since at least March this year. According to Radware researchers, more than 100,000 users have already been infected by the malware distributed in this attack.

More about the Nigelthorn Malware Campaign

On May 3, 2018, Radware researchers detected a zero-day malware threat at one of their customers, a global manufacturing firm. “This malware campaign is propagating via socially-engineered links on Facebook and is infecting users by abusing a Google Chrome extension (the ‘Nigelify’ application) that performs credential theft, cryptomining, click fraud and more,” the researchers explained.

The malware in question has been dubbed Nigelthorn, and it is spreading rapidly among victims via links on Facebook. These links lead to malicious browser extensions that aim to steal Facebook login credentials while also installing cryptocurrency miners and engaging users in click fraud.

Apparently, Nigelthorn has been using at least seven Chrome browser extensions, which were successfully hosted on the Chrome Web Store. Radware researchers were the first to uncover three of those malicious extensions after one of their customers was compromised.

Why was the malware dubbed Nigelthorn?

As the researchers explained, the name comes from the fact that the original Nigelify application replaces pictures with “Nigel Thornberry” and is responsible for a large portion of the observed infections. As for the infection chain, the malware redirects victims to a fake YouTube page and asks them to install a Chrome extension to ...

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova.