Facebook Messenger Users Targeted by Cryptocurrency Viral Miner

Experts from Trend Micro have recorded a new campaign in which malicious actors distribute a Monero cryptocurrency miner called Digmine, spreading it virally through the instant messaging application Facebook Messenger. The campaign targets users in countries including Ukraine, Azerbaijan, Vietnam, South Korea, the Philippines, Thailand, and Venezuela.

“We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker it was referred to in a report of recent related incidents in South Korea,” Trend Micro reports.

Vicious bot

The malware is disguised as a video file named “video_xxxx.zip”, where xxxx is an arbitrary set of digits. Last week, many users noticed such files arriving in their personal messages. The archive contained the Digmine malware.

According to experts, Digmine only affects the desktop version of Facebook Messenger for the Chrome browser. If the file is opened in the mobile version of the messenger, the virus does not function.

“A known modus operandi of cryptocurrency-mining botnets, and particularly for Digmine (which mines Monero), is to stay in the victim’s system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income,” stated the company.

Infection Chain

Once on the computer, Digmine contacts a server from which it downloads and installs the cryptocurrency miner and a Chrome extension. It then enables autorun. While the miner mines cryptocurrency, the extension sends messages containing the malware on the victim's behalf.

The method works only if the browser retains credentials for authorization in the Facebook account. Otherwise, the extension will not be able to access the messenger interface and send out spam.

“If the user has their Facebook account automatically logged in by default, the browser extension can interact with their account. It does so by downloading additional code from the C&C server. Digmine’s interaction with Facebook could get more functions in the future since it’s possible to add more code,” explained the company, which conducted a bot-related investigation.

Chrome extensions can only be downloaded from the official Chrome Web Store, but the attackers bypassed this restriction. To install the malicious extension, they use a command-line download.
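
A detection sketch for the two observable traces described above, the “video_xxxx.zip” lure and a Chrome extension installed from the command line; this is an added example, not code from Trend Micro or the original article. It assumes the command-line install shows up as Chrome's `--load-extension` switch in process-creation logs, and the sample records, paths and the `allowed_dirs` parameter are constructed for illustration.

```python
import ntpath
import re

# Lure name from the article: "video_xxxx.zip", xxxx being digits.
LURE_RE = re.compile(r"(?i)(?<![\w-])video_\d+\.zip\b")
# Assumption: the "command-line" install is Chrome's --load-extension switch.
SIDELOAD_RE = re.compile(r'(?i)--load-extension=(?:"([^"]+)"|(\S+))')

# Constructed process-creation records (not taken from a real host).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\7-Zip\7zFM.exe",
     "cmdline": r'"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\alice\Downloads\video_4821.zip"'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r'--load-extension="C:\Users\alice\AppData\Roaming\ext_example"'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r"chrome.exe --load-extension=C:\dev\my-extension"},
    {"image": r"C:\Program Files\7-Zip\7zFM.exe",
     "cmdline": r"7zFM.exe C:\Users\alice\Downloads\my_video_1.zip"},
]

def findings(event, allowed_dirs=()):
    """Return the reasons one process-creation record matches the article's traces."""
    reasons = []
    cmd = event["cmdline"]
    if LURE_RE.search(cmd):
        reasons.append("lure-archive")
    match = SIDELOAD_RE.search(cmd)
    if match and ntpath.basename(event["image"]).lower() == "chrome.exe":
        path = match.group(1) or match.group(2)
        # Extension developers use this switch too; skip directories they own.
        if not any(path.lower().startswith(d.lower()) for d in allowed_dirs):
            reasons.append("sideloaded-extension:" + path)
    return reasons

def scan(events, allowed_dirs=()):
    """Map the index of each suspicious record to its list of reasons."""
    hits = {}
    for index, event in enumerate(events):
        reasons = findings(event, allowed_dirs)
        if reasons:
            hits[index] = reasons
    return hits

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS, allowed_dirs=(r"C:\dev",)).items():
        print(index, reasons)
```

A hit on the lure name alone is weak evidence; a sideloaded extension on a machine that is not used for extension development deserves the closer look.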

So far, the campaign has affected only Windows users. Trend Micro informed Facebook about the problem, and the company has already deleted the malicious links in the messages, but experts say this has not solved the problem completely: attackers can change the method of spreading the malware and launch a new campaign.

How to Prevent It?

Cryptocurrency mining is growing in popularity, so attackers are increasingly drawn to the mining-botnet business. The more victims they infect, the bigger the profits, which is the standard logic of cybercriminal schemes. It is also unsurprising that they use popular social media platforms to distribute their malware.

To protect against this type of threat, follow good practices for protecting social media accounts. First, think twice before you share anything that seems suspicious, and be cautious when downloading any files, even ones received from your friends. Second, be wary of unsolicited messages. Third, enable your account’s privacy settings.

In its official statement, Facebook claimed that “we maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”

Images Source: blog.trendmicro.com
