Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger
Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot which
Dubbed Digmine, the Monero-cryptocurrency mining bot disguises itself as a non-embedded video file,
Digmine primarily installs a cryptocurrency miner, i.e. miner.exe—a modified version of an open-source
Besides the cryptocurrency miner, the Digmine bot also installs an autostart mechanism and launches Chrome
same malware file to their friends’ list via Messenger.
Since Chrome extensions can only be installed via the official Chrome Web Store, “the attackers bypassed this by launching Chrome (loaded with the malicious extension) via command line.”
“The extension will read its own configuration from the C&C server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video,” Trend Micro researchers say.
“The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware’s components.”
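Launching Chrome with an extension from the command line, as described above, leaves a trace in process-creation logs. The following detection sketch is an added example, not code from Trend Micro or the original article; it assumes the launch uses Chrome's `--load-extension` switch (the article does not name the switch), Sysmon-style field names, and constructed sample events.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumption: the sideload uses Chrome's --load-extension switch (not named in the article).
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
USER_WRITABLE = re.compile(r'\\(appdata|temp|programdata|users\\public)\\', re.IGNORECASE)
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}  # heuristic allow-list, tune per site
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed process-creation events (Sysmon Event ID 1 style fields).
SAMPLE_EVENTS = [
    {"Image": CHROME, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": '"' + CHROME + '" --profile-directory=Default'},
    {"Image": CHROME, "ParentImage": r"C:\Users\alice\AppData\Roaming\example\updater.exe",
     "CommandLine": '"' + CHROME + r'" --load-extension="C:\Users\alice\AppData\Roaming\example\ext"'},
    {"Image": CHROME, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"chrome.exe --load-extension=D:\dev\my-extension,D:\dev\other"},
]

def inspect_event(event):
    """Return a finding if Chrome was started with a command-line extension, else None."""
    if basename(event["Image"]).lower() != "chrome.exe":
        return None
    paths = []
    for quoted, bare in LOAD_EXT.findall(event["CommandLine"]):
        # The switch accepts a comma-separated list of unpacked extension directories.
        paths.extend(p for p in (quoted or bare).split(",") if p)
    if not paths:
        return None
    reasons = ["extension loaded from command line"]
    if any(USER_WRITABLE.search(p + "\\") for p in paths):
        reasons.append("extension path is user-writable")
    parent = basename(event["ParentImage"]).lower()
    if parent not in EXPECTED_PARENTS:
        reasons.append("unexpected parent " + parent)
    severity = "high" if len(reasons) == 3 else "medium"
    return {"paths": paths, "parent": parent, "reasons": reasons, "severity": severity}

def scan(events):
    """Inspect every event and keep only the findings."""
    return [f for f in map(inspect_event, events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["parent"], finding["paths"], finding["reasons"])
```

Developers legitimately load unpacked extensions this way, so the medium-severity case is a triage signal rather than a verdict.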
It’s noteworthy that users opening the malicious video file through the Messenger app on their mobile devices are not affected.
When notified by the researchers, Facebook said it had taken down most of the malware files from the social networking site.
Facebook spam campaigns are quite common, so users are advised to be vigilant when clicking on links and files provided via the social media platform.