Facebook Messenger Users Targeted by Cryptocurrency Viral Miner


Researchers at Trend Micro have observed a new campaign in which malicious actors distribute a Monero cryptocurrency miner called Digmine, spreading it virally through the instant messaging application Facebook Messenger. The campaign targets users in Ukraine, Azerbaijan, Vietnam, South Korea, the Philippines, Thailand, and Venezuela.

“We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker it was referred to in a report of recent related incidents in South Korea,” Trend Micro reports.

Vicious bot

The malware is disguised as a video file named “video_xxxx.zip”, where xxxx is an arbitrary set of digits. Last week, many users noticed such files arriving in their personal messages. The archive contained the malicious Digmine.

According to experts, Digmine only affects the desktop version of Facebook Messenger for the Chrome browser. If the file is opened in the mobile version of the messenger, the virus does not function.

“A known modus operandi of cryptocurrency-mining botnets, and particularly for Digmine (which mines Monero), is to stay in the victim’s system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income,” stated the company.

Infection Chain

Once on the computer, Digmine contacts a server from which it downloads and installs the cryptocurrency miner and a Chrome extension. It then enables autorun. While the miner mines cryptocurrency, the extension sends messages carrying the malware on behalf of the victim.

The method works only if the browser retains credentials for authorization in the Facebook account. Otherwise, the extension will not be able to access the messenger interface and send out spam.

“If the user has their Facebook account automatically logged in by default, the browser extension can interact with their account. It does so by downloading additional code from the C&C server. Digmine’s interaction with Facebook could get more functions in the future since it’s possible to add more code,” explained the company, which conducted a bot-related investigation.

Chrome extensions can normally be installed only from the official Chrome Web Store, but the attackers bypassed this restriction: to install the malicious extension, they use a command-line download.
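A defender can hunt for the traits described above (the lure file name, an extension loaded from outside the Web Store, and an autorun entry) in endpoint telemetry. The following is an added example, not code from Trend Micro or from the original article; the event format and the sample records are constructed, and it assumes the sideloading shows up as Chrome's `--load-extension` switch, which the article does not name.

```python
import re

# Lure name from the article: video_<digits>.zip
LURE_RE = re.compile(r"video_\d+\.zip", re.IGNORECASE)
CHROME_RE = re.compile(r"\bchrome\.exe\b", re.IGNORECASE)
# --load-extension is Chrome's switch for loading an unpacked extension from
# disk. That Digmine's sideloading appears this way is an assumption.
SWITCH_RE = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)

def is_lure_name(path):
    """True if the file's base name matches the video_<digits>.zip lure."""
    base = re.split(r"[\\/]", path)[-1]
    return LURE_RE.fullmatch(base) is not None

def sideloaded_paths(command_line):
    """Extension directories that a Chrome command line loads from disk."""
    if not CHROME_RE.search(command_line):
        return []
    paths = []
    for quoted, bare in SWITCH_RE.findall(command_line):
        # The switch accepts a comma-separated list of directories.
        paths += [p for p in (quoted or bare).split(",") if p]
    return paths

def triage(events):
    """Return (event index, reason) for each record an analyst should review."""
    findings = []
    for i, ev in enumerate(events):
        if ev["kind"] == "file" and is_lure_name(ev["value"]):
            findings.append((i, "lure archive name"))
        elif ev["kind"] in ("process", "autorun"):
            for p in sideloaded_paths(ev["value"]):
                findings.append((i, f"{ev['kind']} sideloads extension from {p}"))
    return findings

# Constructed sample telemetry (hypothetical hosts and paths, no real incident data).
SAMPLE_EVENTS = [
    {"kind": "file", "value": r"C:\Users\kim\Downloads\video_4821.zip"},
    {"kind": "file", "value": r"C:\Users\kim\Downloads\holiday_video.zip"},
    {"kind": "process", "value": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\kim\AppData\Roaming\ext1"'},
    {"kind": "process", "value": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://example.com'},
    {"kind": "autorun", "value": r"C:\tools\chrome.exe --load-extension=C:\a,C:\b"},
]
```

Calling `triage(SAMPLE_EVENTS)` flags records 0, 2 and 4; developers who load unpacked extensions legitimately will also match, so treat hits as leads to review rather than verdicts.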

So far, the campaign has affected only Windows users. Trend Micro informed Facebook about the problem, and the company has already deleted the malicious links in the messages, but experts say this has not solved the problem completely: attackers can change the method of spreading the malware and launch a new campaign.

How to Prevent It?

Cryptocurrency mining is growing in popularity, so attackers are increasingly drawn to the mining-botnet business. The more victims they infect, the bigger the profits; this is the traditional logic of cybercriminal schemes. It is also no surprise that they use popular social media platforms to distribute their malware.

To prevent this type of cyber threat, follow best practices for protecting social media accounts. First, think twice before you share anything that seems suspicious, and be cautious when downloading any files, even if you received them from your friends. Second, be wary of unsolicited messages. Third, activate your account’s privacy settings.

In its official statement, Facebook claimed that “we maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”

Images Source: blog.trendmicro.com
