Facebook Messenger Users Targeted by Cryptocurrency Viral Miner

Facebook Messenger Users Targeted by Cryptocurrency Viral Miner

Experts from the Trend Micro Company recorded a new activity during which malicious actors have been distributing the Monero cryptocurrency miner called Digmine. They have been spreading it virally through the instant messaging application Facebook Messenger. The campaign is directed against users from such countries as Ukraine, Azerbaijan, Vietnam, South Korea, the Philippines, Thailand, and Venezuela.

“We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker it was referred to in a report of recent related incidents in South Korea,” Trend Micro informs.

Vicious bot

The malware is disguised as a video file named “video_xxxx.zip”, where xxxx is an arbitrary set of digits. Last week, lots of users were attracted to the fact that such files came to them in personal messages. Inside the archive, there was a malicious Digmine.


According to experts, Digmine only affects the desktop version of Facebook Messenger for the Chrome browser. If the file is opened in the mobile version of the messenger, the virus does not function.

“A known modus operandi of cryptocurrency-mining botnets, and particularly for Digmine (which mines Monero), is to stay in the victim’s system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income,” stated the company.

Infection Circuit

Getting on the computer, Digmine reaches out to the server from which it loads and installs the cryptocurrency miner and extension for Chrome. Then it activates the autorun. While the miner is engaged in the production of cryptocurrency, the extension sends messages on behalf of the victim with the virus.

The method works only if the browser retains credentials for authorization in the Facebook account. Otherwise, the extension will not be able to access the messenger interface and send out spam.


“If the user has their Facebook account automatically logged in by default, the browser extension can interact with their account. It does so by downloading additional code from the C&C server. Digmine’s interaction with Facebook could get more functions in the future since it’s possible to add more code,” explained the company, which conducted a bot-related investigation.

Extensions for Chrome can only be downloaded from the official Chrome Web Store directory, but the attackers bypassed this condition. To install a malicious extension, they use a command-line download.

By now, the campaign has affected only users of Windows. Trend Micro informed Facebook about the problem, and the company has already deleted the malicious links in the messages, but experts say this has not solved the problem completely: attackers can change the method of spreading the malware and launch a new campaign.

How to Prevent it?

Cryptocurrency mining is growing in popularity; hence attackers are getting more attracted by the mining botnet business. The more victims are attacked, the bigger the profits – this is a traditional dogma of all the cybercriminal blueprints. It is also not unexpected that they are using popular social media platforms for distributing their malware.

If you want to prevent this type of cyber threats, merely follow golden practices on protecting social media accounts. First of all, you should think twice before you share anything that might seem suspicious. You should also be cautious when downloading any files even if you have received them from your friends. Secondly, be aware of unreclaimed messages. And thirdly, activate your account’s privacy settings.

In its official statement, Facebook claimed that “we maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”

Images Source: blog.trendmicro.com

Canada Reports Blockchain To Be Amongst Its Highest Paying Industries
A report recently published by the Canadian Digital Chamber of Commerce proves that the money involved in the blockchain industry of the nation is at...
KodakONE Blockchain Beta Test Generated $1 mln in Content Licensing Claims
More than $1 million — this how much in licensing claims KodakONE, a dev of DLT-based image rights platform, has generated. Certified by the American...
UNICEF Funds Six DLT Startups to Solve Global Issues
UNICEF is both crypto- and blockchain friendly. A few months ago the French leg of UNICEF said it was accepting donations in nine types of...
Facebook Has Opened 5 Blockchain-Related Vacancies
More than half a year ago social media titan Facebook set up a blockchain group to explore how to employ this technology to the maximum advantage of...
Seven Southern European Countries Agreed to Promote Blockchain
Seven countries of Southern Europe signed a declaration in which they commit themselves to promote blockchain. These countries are Cyprus, France...
Amazon Embraces Blockchain Despite The Dip on Crypto-Market
Even as crypto-market plunged from nearly $830 billion in January to $121.5 billion this week, the leading e-commerce company sees an opportunity in...
Microsoft Releases Dev Kit to Connect Users to Blockchain
The American technological titan Microsoft has finally introduced its development kit dubbed Azure. Azure functions without a server and is powered...
JPMorgan: Investors Should Keep an Eye on These DLT-Friendly Companies
If you are an investor, it might still be challenging for you to get exposed to DLT, unless, for sure, you are purchasing bitcoin. To ease the life...
Blockchain Engineers Make As Much As AI Specialists
Engineers working in the blockchain domain are as demanded as those who work on artificial intelligence. Such a conclusion can be made from the...
Blockchain Market Could Be $7 bln and Boost Amazon, Microsoft, BofA Says
Novel estimates from one of the most influential investment banks in the world — Bank of America — showcase unalterable ledger spread will be of use...