How the New “Nigelthorn” Facebook Malware Works and How to Avoid It

2025-11-14

Facebook is one of the Internet’s most famous social media sites, and it carries with it a wealth of personal information. In this new era where information is worth a lot of money, harvesting it en masse can turn a tidy profit – whether that’s via legal ways or by less honourable means! Facebook has seen a lot of attacks in the past, but the recent attack, referred to as “Nigelthorn,” is particularly nasty for Chrome users.

How Nigelthorn Works

Nigelthorn attacks begin their life as a link to a fake YouTube page. When the user clicks it, they’ll see a fake video waiting to be played. Chrome will then inform the user that they have to install an extension in order to view it. If the user accepts this invite, they’ll end up installing the malware onto their PC.

Knowledgeable readers will wonder why Chrome would allow such a thing to happen, given that there are security measures stopping malicious extensions from being installed. The method the attackers use to get around them is also the reason the malware is called “Nigelthorn” in the first place.

In order to dodge Chrome’s security checks, a legitimate and accepted extension is taken, and malicious code is implanted into it. This extension is then spread among the public. When a user gets a request to install the infected extension, it skips Chrome’s security check and allows it to be installed. The malware started its life infecting the “Nigelfy” extension which replaces pictures with that of the cartoon character “Nigel Thornberry.”

What Nigelthorn Does

Nigelthorn has a few nasty tricks up its sleeve. They include the following.

Stealing Data

Of course, being a Facebook extension, Nigelthorn will want to use the data available to its advantage. As such, users infected by Nigelthorn have their Facebook details harvested and sent off by the malware to the developers.

Cryptomining

Cryptomining has been a hot topic for malware developers, and Nigelthorn is no different! The malware will set a cryptomining program running on the victim’s computer to make the developers some extra money. One six-day window of Nigelthorn’s mining activity saw the developers make $1000 worth of cryptocurrency!

Spreading Itself

Facebook makes it very easy to share information, which malware developers use to their advantage. When a user is infected, the malware will try to spread itself via a link sent over Facebook Messenger or by tagging users in a text post. The infection process is the same, meaning that as long as users click the link and install the extension, the malware can keep replicating itself.

YouTube Manipulation

The code can also direct users to view, like, and subscribe to YouTube videos and channels. This is likely an attempt by the malware developers to gain revenue via YouTube by logging views from infected PCs.

Protecting Itself

Once the extension is installed, the malware will try its best to defend itself from being deleted. If the extensions panel is opened up, the malware will immediately close it again. Similarly, it will block the victim from Facebook and Chrome cleanup tools to better preserve itself.

Avoiding Infection

The best way to avoid being hit by Nigelthorn is to not use Chrome. This malware only hits Chrome, so users of other browsers will be safe from this attack. But if a user continues to use Chrome, they should keep an eye out for fishy links on their Facebook page. If they find themselves on a YouTube video page that requires a strange-looking extension to view it, they should not install it under any circumstances!

If you have installed a Nigelthorn-infected extension, it’s recommended you uninstall it, preferably by uninstalling Chrome itself if Nigelthorn is denying you access to the extensions list. Also, change the password on your Facebook account in case it was stolen in the attack.
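Even when the extensions panel is being closed on you, the installed extensions can still be listed from disk. The following is an added example, not code from the original article: a Python audit that reads every manifest.json under a Chrome profile's Extensions folder and marks extensions whose URL patterns reach facebook.com or youtube.com. The folder layout (`<id>/<version>/manifest.json`) and the watched-host list are assumptions of this example; pass your profile's Extensions path as the argument.

```python
import json
import re
import sys
from pathlib import Path

# Assumption of this example: the sites the article says the malware acts on.
WATCHED_HOSTS = ("facebook.com", "youtube.com")


def host_patterns(manifest):
    """Collect the URL match patterns an extension manifest requests."""
    patterns = []
    for key in ("permissions", "host_permissions", "optional_permissions"):
        patterns += [p for p in manifest.get(key, []) if isinstance(p, str)]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    # Drop API names such as "tabs"; keep URL patterns only.
    return [p for p in patterns if "://" in p or p == "<all_urls>"]


def reaches_watched_host(pattern):
    """True if the pattern covers a watched host or every host."""
    if pattern == "<all_urls>":
        return True
    if pattern.startswith("file:"):
        return False
    host = re.sub(r"^[^:]+://", "", pattern).split("/")[0].lstrip("*.")
    return host == "" or any(host == w or host.endswith("." + w) for w in WATCHED_HOSTS)


def audit_extensions(extensions_dir):
    """Return one record per extension version found on disk."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        if not isinstance(manifest, dict):
            continue  # valid JSON, but not a manifest object
        risky = sorted({p for p in host_patterns(manifest) if reaches_watched_host(p)})
        findings.append({"id": path.parent.parent.name, "version": path.parent.name,
                         "name": manifest.get("name", "?"), "risky_patterns": risky})
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    for f in audit_extensions(sys.argv[1]):
        mark = "REVIEW" if f["risky_patterns"] else "ok"
        print(f"{mark:6} {f['id']} {f['name']} {f['risky_patterns']}")
```

A REVIEW mark only means the extension is able to touch those sites; compare each listed ID against the extensions you knowingly installed before deciding what to remove.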

A Rose Has Its NigelThorns

While Nigelthorn is a nasty piece of kit, it’s not totally unavoidable. Only Chrome users have anything to be concerned about, and even then, as long as you use the knowledge detailed above, you should never fall victim to this malicious attack that winds its way around Chrome’s security measures.

Have you witnessed Nigelthorn on Facebook yourself? Let us know below.

Image credit: Bitcoin und britische Pfund
