Learn how connectivity and security transforms business in a cloud-based world.

Sales 888-407-9594LoginSupport CenterContact Support
Close this search box.

FacexWorm, Cryptomining Give Ransomware a Run for Its Money


You thought ransomware was bad? Cybercriminals are embracing a new scourge, in the form of cryptomining. The latest bug, dubbed the FacexWorm, is an example of just how dangerous it can be.

Cryptomining is a type of malware that hijacks the CPU system resources of victim machines, slowing down performance and stealing power. It uses these resources to mine for virtual currency, especially Monero, which takes fewer resources to uncover than the more well-known Bitcoin.

It can be delivered as a standalone malware, but there are also drive-by versions, where online mining of Monero cryptocurrency starts when a user visits a web page. A product called Coinhive is offered as a legitimate service for webmasters looking for a monetization alternative to advertising, but criminals often embed it into websites without the site knowing, and unscrupulous websites use it without letting site visitors know.

Unlike ransomware, which usually results in only a small percentage of infected users actually paying the ransom and requires time and effort to interact with the victims, cryptomining is a “set it and forget it” proposition for attackers. It also tends to fly under the radar, and it can take weeks before a victim uncovers the infection. In other words, it requires minimal effort, but maximum reward. Perfect.

It’s lucrative too, with cryptocurrencies now reaching dizzying heights of valuation. To put the financial gains for the bad guys into perspective, an average system would likely generate about $0.25 of Monero per day, meaning that an adversary who has enlisted 2,000 victims could generate $500 per day or $182,500 per year.

Thus, it’s no wonder that it’s spreading rapidly. More than 4,000 government agencies in the US and the UK alone were recently found to be infected with it – and that’s just one section of one vertical. Various industry estimates postulate that as much as a quarter of all desktops are compromised.

A good example of the danger is that the FacexWorm is spreading via Facebook. Once it infiltrates a user’s account, it sends out faked Messenger video links to the victim’s contacts which, when clicked, replicate the malware onto those contacts’ machines. It has an impressive set of capabilities: It steals Google, MyMonero and Coinhive credentials when a victim logs in, injects a cryptocurrency miner that exploits the victim’s CPU, hijacks the user’s cryptocurrency-related transactions, detects when a user’s accessed a cryptocurrency trading platform, and thwarts removal and detection. It also communicates with a remote command-and-control server, from which it can download additional malware.

Further, FacexWorm has created the potential for building a large-scale malicious botnet. Facebook has an estimated 2.2 billion active users, so putting together a botnet consisting of hundreds of millions of devices would not be a difficult task. That botnet could be used for different kinds of attacks, including distributed denial of service.

So, FacexWorm presents a danger in and of itself, but it also acts as just the latest example of why organizations should be proactively protecting themselves from DDoS attacks.

The cyber landscape is a wild and wooly place, where financially motivated bad actors are always looking for the next big attack vector. Ransomware was the “it” malware last year. This year, cryptomining is catching fire. And there’s sure to be something else coming along the pike before not too long.

That’s why it’s important for companies to adopt comprehensive, real-time unified threat management (UTM), which can keep systems protected from malware, DDoS attacks and other concerns. A UTM appliance consolidates network security – including firewalls with anti-virus and anti-spyware protection, intrusion detection, web filtering and more – into a comprehensive and dynamic threat prevention solution.

TPx offers a managed UTM solution that’s always up-to-date on the latest threats, backed by the constant vigilance afforded by our Security Operations Center (SOC). With our SOC, you have access to dedicated certified security analysts with deep security expertise. They include ex-military, defense, and cyber security specialists with over 50 years of combined cyber security experience. We proactively monitor and manage the threats – before they hit you.

Contact your TPx representative today for details on how TPx can protect your valuable infrastructure, safeguarding your employees and business from ransomware, cryptomining and whatever the next major threat will be.

About the Author

Matt Mair is a Senior Product Marketing Manager for Managed Services. His role includes marketing and communications for TPx’s suite of managed IT offerings including Managed SD-WAN, LAN Monitoring, Office 365, Managed Endpoint, Colocation and Server Backup solutions. Matt holds an MBA from Michigan State University’s Broad School of Business and resides in Los Angeles.

Subscribe to the TPx Newsletter

Get our top researched insights delivered right into your inbox to help you better manage your IT.

* indicates required fields

*By signing up, you are accepting TPx’s privacy policy.