A new strain of dangerous malware named Nigelthorn has already infected more than 100,000 computers in 100 countries by abusing a Chrome extension known as Nigelify. The most affected countries are Venezuela, the Philippines and Ecuador. The malware can steal Facebook login credentials from the victim's machine, and it is also used for click fraud, cryptocurrency mining and other malicious activities. According to cyber security researchers, the operators responsible for the Nigelthorn attacks have been active since March 2018.
Security investigators have found that the threat is propagated through malicious links promoted on Facebook. Targeted users are redirected to a bogus YouTube web page, which asks them to download and install a Google Chrome extension in order to play the video. When the victim accepts the installation of the extension, the harmful Nigelthorn payload gets onto the machine and starts its malicious activities. Because it works through the Google Chrome browser, Nigelthorn is programmed to target both Windows and Linux operating systems.
After that, Nigelthorn deploys a set of requests on the affected machine. The threat can steal Instagram cookies and Facebook login credentials. Additionally, it redirects users of the compromised PC to a Facebook API in order to generate an access token, which is then delivered to the attackers' command and control server. As a result, Nigelthorn spreads using the credentials stolen from the victim's machine: the attackers distribute the malicious links through messages to the victim's Facebook friends, or publish a new post that tags almost 50 contacts.
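As a defensive illustration of the behaviour described above, the following added example (not code from the researchers or from the malware) audits a Chrome extension's `manifest.json` for the access an extension would need to read cookies or inject scripts on the sites the article names. The host list, function names and both sample manifests are assumptions constructed for this example; the article does not publish the malicious extension's manifest, and a finding is a prompt for review, not proof of malice.

```python
import json

# Sites the article names as targets of the cookie and credential theft.
SENSITIVE_HOSTS = ("facebook.com", "instagram.com")
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def reaches(pattern, host):
    """True if a Chrome match pattern covers `host` or one of its subdomains."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "cookies", not a host pattern
    pat_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pat_host.startswith("*."):
        pat_host = pat_host[2:]
    return pat_host == "*" or pat_host == host or pat_host.endswith("." + host)

def hosts_reached(patterns):
    return sorted(h for h in SENSITIVE_HOSTS if any(reaches(p, h) for p in patterns))

def audit(manifest):
    """Return findings for one parsed manifest.json (Manifest V2 or V3)."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    host_access = perms + manifest.get("host_permissions", [])
    injected = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    findings = []
    if "cookies" in perms and hosts_reached(host_access):
        findings.append("cookie access: " + ", ".join(hosts_reached(host_access)))
    if hosts_reached(injected):
        findings.append("script injection: " + ", ".join(hosts_reached(injected)))
    return findings

# Constructed sample manifests (not taken from any real extension).
SUSPICIOUS = json.loads("""{
  "name": "Video Player Helper", "manifest_version": 2,
  "permissions": ["cookies", "tabs", "*://*.instagram.com/*", "https://www.facebook.com/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]
}""")
BENIGN = json.loads("""{
  "name": "Docs Dark Mode", "manifest_version": 3,
  "permissions": ["storage"],
  "host_permissions": ["https://docs.example.com/*"],
  "content_scripts": [{"matches": ["https://docs.example.com/*"], "js": ["theme.js"]}]
}""")

if __name__ == "__main__":
    for m in (SUSPICIOUS, BENIGN):
        print(m["name"], "->", audit(m) or "no findings")
```

On a real machine the same `audit` function can be run over each `manifest.json` found under the Chrome profile's `Extensions` directory.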