Tokyo-based cybersecurity firm Trend Micro discovered a cryptocurrency mining bot in Facebook Messenger. Dubbed “Digmine,” the malware was found in South Korea and has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. It is predicted to spread rapidly to other countries.
When a Facebook Messenger user has their account set to log in automatically, Digmine will instantly send a disguised video link, typically titled “video_xxxx.zip,” to all of their friends via direct message. If this file is opened, it will execute the malware. Once the bot is implanted, an auto-start mechanism will automatically launch Chrome and run a malicious browser extension. Normally, browser extensions can only be downloaded from the Chrome Web Store, but Digmine gives hackers the ability to skip this step by using the command line.
Once everything is in place, a mining module is downloaded onto the victim’s browser. Known as XMRig, it uses the victim’s computer resources to mine Monero, a type of cryptocurrency very similar to Bitcoin. The Chrome extension completes the cycle, sending fake video links to more Facebook users.
The mining bot’s goal is to stay unnoticed for as long as possible, consuming valuable computer CPU resources. More concerning is the potential for hackers to take over Facebook accounts.
“The abuse of Facebook is limited to propagation for the time being, but it wouldn’t be implausible for attackers to ditch the Facebook account itself down the line,” Trend Micro wrote.
Fortunately, the cryptocurrency mining bot is limited to the desktop (Chrome) version of Messenger. If the video file is opened on other platforms, like the mobile web page or app, it won’t work as intended.
Facebook also reportedly took down several Digmine-related links after Trend Micro revealed its findings.
“We keep a number of automated systems to help prevent harmful connections and documents from appearing on Facebook and in Messenger,” Facebook said in a statement. “If we guess your computer is infected with malware, we’ll supply you with a free antivirus scan from our trusted partners. We discuss tips about how best to stay secure and hyperlinks to these scanners … on facebook.com/help.”
This doesn’t mean you’re in the clear just yet. It’s likely there are still links floating around, and the hackers could choose to tweak the links and start all over again. To protect yourself from Digmine, avoid opening suspicious links, enable your account’s privacy settings, and monitor your computer’s CPU usage.
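As an added example (not code from Trend Micro or the original article), here is a check for the step described above, where Chrome is started from the command line with an extension that did not come from the Chrome store. It assumes the launch uses Chromium's `--load-extension` switch, which the article does not name, and it runs over constructed process records; developers testing unpacked extensions will also match.

```python
import ntpath

SWITCH = "--load-extension"  # Chromium switch; an assumption, the article does not name it

# Constructed sample: argv lists as a process-listing tool would report them.
SAMPLE = [
    {"pid": 2044, "argv": [r"C:\Program Files\Google\Chrome\Application\chrome.exe"]},
    {"pid": 4312, "argv": [
        r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        r"--load-extension=C:\Users\demo\AppData\Roaming\placeholder-ext",
    ]},
    # Same switch on a non-Chrome binary: ignored, it only matters to Chrome.
    {"pid": 5120, "argv": [r"C:\Windows\notepad.exe", "--load-extension=C:\\x"]},
]


def sideloaded_extensions(argv):
    """Return extension directories passed via --load-extension in one argv list."""
    if not argv or ntpath.basename(argv[0]).lower() != "chrome.exe":
        return []
    paths = []
    for arg in argv[1:]:
        name, sep, value = arg.partition("=")
        # Compare the switch name case-insensitively; it needs a value to count.
        if sep and name.lower() == SWITCH:
            # One switch can carry several comma-separated directories.
            paths += [p.strip('"') for p in value.split(",") if p.strip('"')]
    return paths


def scan(processes):
    """Return (pid, extension_path) for every Chrome launch that sideloads an extension."""
    return [
        (proc["pid"], path)
        for proc in processes
        for path in sideloaded_extensions(proc["argv"])
    ]


if __name__ == "__main__":
    for pid, path in scan(SAMPLE):
        print(f"PID {pid}: Chrome started with unpacked extension {path}")
```

A hit is a reason to inspect the listed directory and the auto-start entry that launched Chrome, not proof of infection on its own.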