{"id":393,"date":"2018-05-10T18:00:34","date_gmt":"2018-05-10T18:00:34","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=131878"},"modified":"2018-05-10T18:00:34","modified_gmt":"2018-05-10T18:00:34","slug":"new-facebook-spread-malware-triggers-credential-theft-cryptomining","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/","title":{"rendered":"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<p>A new malware campaign rapidly spreading via Facebook is infecting victims\u2019 systems to steal their social media credentials and download cryptomining code.<\/p>\n<p>The malware, dubbed Nigelthorn by the Radware researchers who first discovered it, is being propagated via socially engineered links on Facebook. It has been active since at least March 2018 and has already infected more than 100,000 users globally, they said in a <a href=\"https:\/\/blog.radware.com\/security\/2018\/05\/nigelthorn-malware-abuses-chrome-extensions\/\">report<\/a>.<\/p>\n<p>The campaign operators created copies of the legitimate extensions and injected a short, obfuscated malicious script to start the malware operation, Adi Raff, security research team leader at Radware, told Threatpost. This is done to bypass Google\u2019s extension validation checks.<\/p>\n<p>After first detecting the zero-day malware threat at one of Radware\u2019s customers, a global manufacturing firm, researchers named the malware after the main Google Chrome application it leverages: the \u201cNigelify\u201d application. This legitimate Chrome app replaces pictures with the face of cartoon character <a href=\"http:\/\/wildthornberrys.wikia.com\/wiki\/Nigel_Archibald_Thornberry\">Nigel Thornberry<\/a>, and Radware said that it has been responsible for a large portion of the observed infections.<\/p>\n<p>However, the bad actors are also using other existing, approved Chrome extensions like PwnerLike and iHabno.\u00a0In all, seven Chrome applications have been discovered laden with the malware. Raff said four of these have been identified and blocked by Google\u2019s security algorithms.<\/p>\n<p>A Google spokesperson told Threatpost: \u201cWe removed the malicious extensions from Chrome Web Store and the browsers of the small percentage of affected users within hours of being alerted.\u201d<\/p>\n<p><strong>Attack Process<\/strong><\/p>\n<p>The attack chain starts with a victim clicking on a malicious link sent via Facebook.\u00a0\u201cVictims will log into their Facebook and see a personal message from one of their friends, or they\u2019ll be tagged in a post with a malicious link, and a picture sometimes, asking them to click on it,\u201d said Raff.<\/p>\n<p>The link redirects victims to a fake YouTube page and asks the user to install a Chrome extension to play the video.<\/p>\n<p>Once the user clicks on \u201cAdd Extension,\u201d one of the seven malicious extensions \u2013 most typically Nigelify \u2013\u00a0 will install the malware onto their system.<\/p>\n<p>\u201cIt is important to emphasize that the campaign focuses on Chrome browsers, and Radware believes that users that do not use Chrome are not at risk,\u201d researchers said.<\/p>\n<p>Once executed, the malicious JavaScript downloads an initial configuration from the bad actor\u2019s C2 with a set of requests \u2013 including a triple-threat set of plugins that comprise of code for Facebook propogation, cryptomining code and YouTube click fraud.<\/p>\n<p><strong>Triple-Threat Malware\u00a0<\/strong><\/p>\n<p>The Facebook propagation capabilities continue to spread the malware through the victim\u2019s social network \u2013 the authenticated users\u2019 Facebook access tokens are generated and the propagation phase begins.<\/p>\n<p><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/10134252\/nigelthorn.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-131882 alignleft\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/10134252\/nigelthorn-300x209.png\" alt=\"\" width=\"300\" height=\"209\"\/><\/a>\u201cThe malware collects relevant account information for the purpose of spreading the malicious link to the user\u2019s network,\u201d Radware researchers said. \u201cOnce the victim clicks on the link, the infection process starts over again and redirects them to a YouTube-like webpage that requires a \u2018plugin installation\u2019 to view the video.\u201d<\/p>\n<p>A publicly available, browser-mining tool (Javascript code looking to mine the Monero, Bytecoin or Electroneum currencies) is also downloaded as a plugin to trigger the infected machines to start mining cryptocurrencies.<\/p>\n<p>\u201cAt the time of writing, approximately $1,000 was mined over six days, mostly from the Monero pool,\u201d according to the researchers.<\/p>\n<p>As the icing on the cake, the malware also contains a request to steal the victim\u2019s Facebook or Intstagram credentials.<\/p>\n<p>\u201cThe malware is focused on stealing Facebook login credentials and Instagram cookies. If login occurs on the machine (or an Instagram cookie is found), it will be sent to the C2,\u201d Radware researchers said in the report. \u201cThe user is then redirected to a Facebook API to generate an access token that will also be sent to the C2 if successful.\u201d<\/p>\n<p>The malware contains numerous persistence features as well \u2013 for instance, if a user tries to open the extensions tab to remove the extension, the malware closes it and prevents removal. It also downloads \u00a0URI Regex from the C2 and blocks users that try to access those patterns.<\/p>\n<p>\u201cAs this malware spreads, the group will continue to try to identify new ways to utilize the stolen assets,\u201d said Radware researchers. \u201cSuch groups continuously create new malware and mutations to bypass security controls. Radware recommends individuals and organizations update their current password and only download applications from trusted sources.\u201d<\/p>\n<p>Facebook malware campaigns have been cropping up lately on the social media platform \u2013 including FacexWorm, a\u00a0malware in Facebook Messenger that installs on victim\u2019s systems and steals their passwords.<\/p>\n<p>\u201cI think we\u2019ll only see these types of [Facebook-propagated] malware continue in the future,\u201d said Raff.<\/p>\n<p>Read More <a href=\"https:\/\/threatpost.com\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/131878\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new malware campaign being rapidly spread on Facebook is infecting users&#8217; systems to perform credential theft, cryptomining, and click fraud. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":394,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[269,4,270,271,18,272,28,273,274],"class_list":["post-393","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-chrome-extension","tag-facebook","tag-facebook-malware","tag-google-chrome","tag-hacks","tag-instagram","tag-malware","tag-nigelthorn","tag-zero-day-malware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Facebook-Spread Malware Triggers Credential Theft, Cryptomining 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-10T18:00:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"209\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining\",\"datePublished\":\"2018-05-10T18:00:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/\"},\"wordCount\":776,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png\",\"keywords\":[\"chrome extension\",\"Facebook\",\"Facebook Malware\",\"Google Chrome\",\"Hacks\",\"Instagram\",\"Malware\",\"NigelThorn\",\"Zero Day Malware\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/\",\"name\":\"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png\",\"datePublished\":\"2018-05-10T18:00:34+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png\",\"width\":300,\"height\":209},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"chrome extension\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/chrome-extension\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/","og_locale":"en_US","og_type":"article","og_title":"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-10T18:00:34+00:00","og_image":[{"width":300,"height":209,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining","datePublished":"2018-05-10T18:00:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/"},"wordCount":776,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png","keywords":["chrome extension","Facebook","Facebook Malware","Google Chrome","Hacks","Instagram","Malware","NigelThorn","Zero Day Malware"],"articleSection":["Threatpost"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/","url":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/","name":"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png","datePublished":"2018-05-10T18:00:34+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/new-facebook-spread-malware-triggers-credential-theft-cryptomining.png","width":300,"height":209},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-facebook-spread-malware-triggers-credential-theft-cryptomining\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"chrome extension","item":"https:\/\/www.threatshub.org\/blog\/tag\/chrome-extension\/"},{"@type":"ListItem","position":3,"name":"New Facebook-Spread Malware Triggers Credential Theft, Cryptomining"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=393"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/393\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/394"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}