Digmine: Cryptocurrency Mining Malware Spreads via Facebook Messenger

Be aware of the new Bitcoin mining malware that spreads via Facebook Messenger when used on Google Chrome.

This cryptocurrency-mining bot, 'Digmine', first surfaced in South Korea and is spreading fast throughout the world, according to Trend Micro, a Tokyo-headquartered cybersecurity firm. It has since been found in Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela.

The malware can spread only via Messenger in the desktop version of Chrome, which helps the perpetrators take over the Facebook account. If the user's Facebook account is set to log in automatically, "Digmine" will manipulate Facebook Messenger in order to send a link to the file to the account's friends.

The malware is an executable file that can appear in any format, such as a video file. Once the malware infects a system, a modified version of XMRig, a Monero mining tool, is installed. This mines the cryptocurrency in the background using the victim's CPU, sending all profits back to the hackers.

After the hackers take over your account, they have access to your friend list, which helps spread the malware. Additionally, the Chrome extension is also used to spread Digmine. If someone has their Facebook account set to log in automatically, the fake video file link will be sent to all their friends via Messenger. The malware could also be used to take over a Facebook account entirely.

The malware also performs other routines, such as installing a registry autostart mechanism as well as a system infection marker. It searches for and launches Chrome, then loads a malicious browser extension that it retrieves from the C&C server.

If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded and that it continuously reloads its mining activity. While extensions can only be loaded and hosted from the Chrome Web Store, the attackers bypassed this by launching Chrome via command line.
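One way to hunt for the behaviour described above in endpoint telemetry, as an added example that is not from the original article or from Trend Micro: it flags Chrome starts that side-load an unpacked extension and Run-key autostart entries that point into user-writable directories. It assumes the command-line bypass uses Chrome's `--load-extension` switch (the article does not name the switch); the event format, paths and names are constructed.

```python
import re

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)  # heuristic
LOAD_EXT = re.compile(r'--load-extension=("([^"]+)"|(\S+))', re.I)
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}  # assumption: normal interactive launches
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed sample telemetry (not from a real incident); paths and names are placeholders.
SAMPLE_EVENTS = [
    {"type": "process", "image": CHROME, "parent": r"C:\Windows\explorer.exe",
     "cmdline": f'"{CHROME}"'},
    {"type": "registry", "key": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\alice\AppData\Roaming\example\loader.exe"},
    {"type": "process", "image": CHROME, "parent": r"C:\Users\alice\AppData\Roaming\example\loader.exe",
     "cmdline": f'"{CHROME}" ' + r'--load-extension="C:\Users\alice\AppData\Local\Temp\ext"'},
    {"type": "process", "image": CHROME, "parent": r"C:\Windows\explorer.exe",
     "cmdline": f'"{CHROME}" ' + r"--load-extension=D:\dev\my-extension"},
    {"type": "registry", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Agent",
     "value": r'"C:\Program Files\Vendor\agent.exe"'},
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def sideloaded_paths(cmdline):
    """Return extension directories passed to Chrome via --load-extension."""
    paths = []
    for m in LOAD_EXT.finditer(cmdline):
        paths += [p for p in (m.group(2) or m.group(3)).split(",") if p]
    return paths

def triage(events):
    """Return (event index, rule, detail) for each suspicious event."""
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] == "process" and basename(ev["image"]) == "chrome.exe":
            for path in sideloaded_paths(ev["cmdline"]):
                # A side-load is worth review; raise severity for odd parent or writable path.
                odd = USER_WRITABLE.search(path) or basename(ev["parent"]) not in EXPECTED_PARENTS
                findings.append((i, "chrome-sideload-high" if odd else "chrome-sideload", path))
        elif ev["type"] == "registry" and RUN_KEY.search(ev["key"]):
            if USER_WRITABLE.search(ev["value"]):
                findings.append((i, "run-key-user-writable", ev["value"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The lower-severity `chrome-sideload` result covers legitimate extension development, so treat it as a review item rather than an alert.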

To avoid falling victim to Digmine, Trend Micro recommended following social media best practices, such as logging out of accounts you don't use, removing apps that are connected to your social media account, removing background activity when completed, using a strong password coupled with two-factor authentication, and being aware that some of the links shared with you may contain malware which can affect

The security company disclosed the Digmine bot to Facebook, which then promptly removed many of the bot's links from its platform and is trying to secure its users. Facebook also said that if it suspects a user's computer is infected with malware, it will provide a free antivirus scan from one of its partners.

The good news is that Digmine only works through the Chrome desktop version of Messenger. Right now, opening the malicious file via the Facebook/Messenger app or mobile webpage won't have the same effect.

Trend Micro disclosed its Digmine findings to Facebook, which promptly removed Digmine-related links from its platform. Facebook's official statement reads: "We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners."
