Facebook Users Beware : Hackers Infecting More PCs Using Nigelthorn Malware


According to Radware, a new malware family named Nigelthorn uses social engineering to infect PCs globally. Per the report, the malware has been active since at least March 18, 2018 and has already infected more than 100,000 computers worldwide. The group behind it abuses a Google Chrome extension titled Nigelify, which is distributed via social media links posted on Facebook.

Attackers have long used social networks to propagate malware and spam. In this campaign, users who follow the link are diverted to a bogus YouTube page that asks them to install a Chrome extension in order to play the video. Once the user clicks "Add extension" and the install succeeds, the malicious extension is loaded into the victim's browser and the machine joins the botnet. Because the malware lives inside Chrome, it runs on both Windows and macOS. Radware's researchers note that the campaign targets the Chrome browser specifically, so users of other browsers are not affected by it. The operators also use the Bitly URL-shortening service, which hides the final destination from the user: after clicking "Add extension" the victim is routed through a Bitly link and then redirected back to Facebook. Dropping the victim back into their Facebook account keeps the deception from being noticed and leaves the malware with a logged-in session to abuse.

In this campaign, about 75% of infections were in the Philippines, Venezuela and Ecuador; the remaining 25% were spread across 97 other countries. According to Radware, the malware bypassed Google's extension validation by taking copies of legitimate extensions and adding a short, obfuscated malicious script that bootstraps the malware. Of the seven malicious extensions identified, Google's security algorithms recognised and deactivated four; Nigelify and PwnerLike remained active. After installation, the malicious JavaScript loads the initial malware configuration from the command-and-control (C&C) server, after which a set of requests, each with its own purpose, is issued. The operators focus on stealing Facebook login credentials and Instagram cookies. The malware also redirects compromised users to the Facebook API to generate an access token, which is transmitted to the C&C server. The stolen data is then used for propagation: the malicious link is spread across the victim's network either as a new post that tags friends or as a message in Facebook Messenger. The malware additionally downloads a cryptomining program onto the compromised PC.
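As an added example (not code from this page or from Radware's report), the following Python script triages extension directories laid out the way Chrome stores them (`<profile>/Extensions/<id>/<version>/`) for the shape described above: a copy of a benign extension whose manifest now requests cookie and broad host access and whose scripts carry an encoded loader. The extension names, directory ids, permissions list, obfuscation heuristics and the inert "payload" string are all constructed for the demonstration; none of them are indicators taken from the report.

```python
"""Triage Chrome extension directories for the Nigelthorn shape: a cloned
extension that requests cookie/network access and carries a short obfuscated
loader script. Added example; heuristics and sample data are constructed."""
import base64
import json
import re
import tempfile
from pathlib import Path

# Permissions that give an extension what credential/cookie theft and C&C
# beaconing need. Assumed list, not taken from the report.
RISKY_PERMISSIONS = {"cookies", "webRequest", "webRequestBlocking", "<all_urls>"}

# Cheap indicators of an encoded or packed script (constructed heuristics).
OBFUSCATION_PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    "atob": re.compile(r"\batob\s*\("),
    "hex_escapes": re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}"),
    "long_literal": re.compile(r"[\"'][A-Za-z0-9+/=]{80,}[\"']"),
}

BENIGN_ID = "a" * 32   # Chrome extension ids are 32 lowercase letters
CLONE_ID = "b" * 32


def listed_scripts(manifest: dict) -> list:
    """Script paths referenced by a Manifest V2 or V3 manifest."""
    scripts = []
    background = manifest.get("background", {})
    scripts += background.get("scripts", [])            # MV2 background page
    if "service_worker" in background:                  # MV3 service worker
        scripts.append(background["service_worker"])
    for cs in manifest.get("content_scripts", []):
        scripts += cs.get("js", [])
    return scripts


def obfuscation_hits(js_text: str) -> list:
    return [name for name, pat in OBFUSCATION_PATTERNS.items() if pat.search(js_text)]


def triage_extension(ext_dir: Path) -> dict:
    """Report risky permissions and obfuscated scripts for one extension."""
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    risky = sorted(perms & RISKY_PERMISSIONS)
    flagged = {}
    for rel in listed_scripts(manifest):
        path = ext_dir / rel
        if path.is_file():
            hits = obfuscation_hits(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                flagged[rel] = hits
    # Obfuscated code plus cookie/network reach is the combination worth a look;
    # either one alone is common in legitimate extensions.
    return {
        "name": manifest.get("name"),
        "version": manifest.get("version"),
        "risky_permissions": risky,
        "flagged_scripts": flagged,
        "verdict": "suspicious" if (risky and flagged) else "clean",
    }


def scan_extensions_root(root: Path) -> dict:
    """Walk <root>/<id>/<version>/manifest.json like Chrome's Extensions
    folder and return {"<id>/<version>": report}."""
    return {
        m.parent.relative_to(root).as_posix(): triage_extension(m.parent)
        for m in sorted(root.glob("*/*/manifest.json"))
    }


def build_sample_extensions(root: Path) -> None:
    """Write two constructed extensions: a benign one and a copy of it with
    cookie/host permissions and a short encoded loader bolted on."""
    benign = {
        "manifest_version": 2, "name": "Nigelify", "version": "1.0",
        "permissions": ["activeTab"],
        "content_scripts": [{"matches": ["https://*/*"], "js": ["swap.js"]}],
    }
    d = root / BENIGN_ID / "1.0"
    d.mkdir(parents=True)
    (d / "manifest.json").write_text(json.dumps(benign))
    (d / "swap.js").write_text("document.title = 'Nigelify';\n")

    cloned = dict(benign)
    cloned["permissions"] = ["activeTab", "cookies", "<all_urls>"]
    cloned["background"] = {"scripts": ["bg.js"]}
    # Inert stand-in for an encoded bootstrap: base64 of a harmless sentence.
    blob = base64.b64encode(b"constructed placeholder, not a payload. " * 3).decode()
    d = root / CLONE_ID / "1.0"
    d.mkdir(parents=True)
    (d / "manifest.json").write_text(json.dumps(cloned))
    (d / "swap.js").write_text("document.title = 'Nigelify';\n")
    (d / "bg.js").write_text(f"var c=atob('{blob}');eval(c);\n")


def run_demo() -> dict:
    """Build the constructed samples in a temp dir and scan them."""
    root = Path(tempfile.mkdtemp())
    build_sample_extensions(root)
    return scan_extensions_root(root)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

To run it against a real profile on Linux, call `scan_extensions_root(Path.home() / ".config/google-chrome/Default/Extensions")` (the profile path differs on Windows and macOS). Treat a "suspicious" verdict as a prompt to read the flagged script, not as a conviction: minified legitimate code trips these same markers, and the point of the check is to surface the combination of an encoded script with cookie and cross-site reach that this campaign relied on.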


We strongly suggest that users who spend a lot of time on social media platforms such as Facebook keep their antivirus or anti-spyware protection running at all times, including while using other social platforms. Criminals use social media to push malware onto target PCs, so do not install unsolicited Chrome extensions or "YouTube plug-ins" that a page offers as a condition of playing a video: a legitimate YouTube video never requires a browser extension, and the "Add extension" prompt is the infection step in this campaign. If you have already installed one of these extensions, remove it from chrome://extensions, then change your Facebook password and end your other active Facebook sessions, since the stolen credentials and access token may remain usable until they are revoked.
