Security researchers have discovered a cryptocurrency-mining malware that is spreading through Facebook Messenger. The malicious bot unearthed by researchers at Trend Micro infects computers and turn it into a ‘cryptocurrency miner’.
The malware dubbed as ‘Digmine’ is spreading through Facebook Messenger and is affecting desktop version of the app running on a Google Chrome browser. The Monero-cryptocurrency mining bot masquerades in the form of a ‘non-embedded’ video file under the name video_xxxx.zip which is an AutoIt executable script. The link once clicked uses the browser to download the components on the victim’s computer and related ‘configuration files’ from a remote command-and-control (C&C) server.
The Digmine malware primarily installs a cryptocurrency miner which silently hoards Monero cryptocurrency in the background by using the CPU power of the infected computers. The Trend Micro researchers mentioned that if a user’s Facebook account is set to log in automatically, Digmine will maneuver Messenger to send the malicious file to friends on their Facebook account. However, the malicious bot only impacts desktop version of Chrome. If you open it through Messenger on other platforms such as smartphones, it won’t be able to take advantage.
Digmine first spotted in South Korea has spread in various countries including Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand and Venezuela. Security analysts note that with the malware’s built-in propagation functionality, it may reach other countries as well.
The recent surge in cryptocurrency value is perhaps the reason that’s encouraging hackers to take such illicit advantage of desktop users and mine cryptocurrencies.
Trend Micro did notify Facebook about the malware, and the company addressing the issue said that it has removed Digmine related links from its platform. While Facebook ‘campaign spams’ are nothing new, research analysts at Trend Micro advised users to share important credentials carefully, enable account’s privacy settings and be aware of unsolicited messages that pop up on your Facebook account.