"
When FacexWorm detects that the user is accessing any of the 52 cryptocurrency trading platforms it targets, or if the user is keying in keywords such as “blockchain,” “eth-,” or “ethereum” in the URL, it will redirect the victim to a scam webpage. The scam entices users to send 0.5 – 10 ether (ETH) to the attacker’s wallet address for verification purposes and promises to send back 5 – 100 ETH. Users can mitigate this by simply closing the page and reopening it to restore normal access to the original website. This is because the malicious extension reserves a timestamp in the cookie that prevents redirection to the scam page within an hour. However, redirection will resume if FacexWorm’s webpages of interest are accessed again. We have so far not found anyone who has sent ETH to the attacker’s address."