This malware infects Facebook Messenger users to mine Monero, a bitcoin alternative
What's the story
Tokyo-based cybersecurity firm Trend Micro has warned that a new cryptocurrency-mining bot is spreading fast across the world through Facebook Messenger.
First spotted in South Korea, "Digmine" has since spread to Vietnam, Thailand, Ukraine, the Philippines, Azerbaijan, and Venezuela.
Given the way the bot propagates, Trend Micro expects it to spread to other countries soon.
Here's all about it.
Modus operandi
How Digmine affects an infected computer
Digmine is essentially a downloader: it connects to its command-and-control (C&C) server and fetches multiple components.
It first installs an autostart mechanism, so it survives reboots, along with a marker that tells it the system is already infected.
Next it targets Chrome, installing a malicious browser extension downloaded from the C&C server.
Finally it downloads the mining component and puts the infected computer's processor to work mining cryptocurrency.
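The steps above correspond to artifacts a responder can look for on a Windows host. The Python script below is an added example, not code from Trend Micro's report or from this article: it triages constructed Run-key entries and process command lines for the same three-part chain (persistence, a side-loaded Chrome extension, a miner). The article does not say how Digmine installs its autostart entry or its extension, so the script assumes an HKCU Run-key entry and Chrome's `--load-extension` flag, and it treats pool-style miner arguments as the sign of the mining component; every path, name and command line is made up.

```python
"""Host triage for the infection chain described above (added example).

Constructed sample data only; not taken from Trend Micro's report or any
real infected host. Assumptions not stated on the page: the autostart
mechanism is an HKCU Run-key entry, the extension is side-loaded by
launching Chrome with --load-extension, and the miner is a separate
process with pool-style arguments.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Directories a normal installer rarely uses for an autostart entry but
# malware dropped from a chat download often does.
USER_WRITABLE = re.compile(
    r"(\\AppData\\|\\Temp\\|\\Downloads\\|\\ProgramData\\|%APPDATA%|%TEMP%|%LOCALAPPDATA%)",
    re.IGNORECASE,
)
# Command-line hints common to CPU miners (pool URL, donate level, -o host:port).
MINER_HINTS = re.compile(
    r"(stratum\+tcp://|--donate-level|--algo[= ]|\s-o\s+\S+:\d+)", re.IGNORECASE
)
# Chrome's --load-extension flag loads an unpacked extension from disk.
LOAD_EXT = re.compile(r'--load-extension=(?P<path>"[^"]+"|\S+)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    category: str  # "autostart", "sideloaded_extension" or "miner"
    subject: str   # Run-key value name or process image path
    detail: str    # command line or extension path that triggered it


def check_autostart(run_entries: Dict[str, str]) -> List[Finding]:
    """Flag Run-key values whose command lives in a user-writable directory."""
    return [
        Finding("autostart", name, command)
        for name, command in run_entries.items()
        if USER_WRITABLE.search(command)
    ]


def check_processes(processes: List[Dict[str, str]]) -> List[Finding]:
    """Flag Chrome side-loading an extension and any process that looks like a miner."""
    findings: List[Finding] = []
    for proc in processes:
        image, cmdline = proc["image"], proc["cmdline"]
        if image.lower().endswith("chrome.exe"):
            match = LOAD_EXT.search(cmdline)
            if match:
                ext_path = match.group("path").strip('"')
                findings.append(Finding("sideloaded_extension", image, ext_path))
        elif MINER_HINTS.search(cmdline):
            findings.append(Finding("miner", image, cmdline))
    return findings


def triage(run_entries: Dict[str, str], processes: List[Dict[str, str]]) -> List[Finding]:
    """Run all checks; a host showing all three categories matches the described chain."""
    return check_autostart(run_entries) + check_processes(processes)


# Constructed sample: one benign and one suspicious entry of each kind.
SAMPLE_RUN_ENTRIES = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "ChromeUpdater": r'"C:\Users\alice\AppData\Roaming\ChromeUpdater\updater.exe"',
}
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_PROCESSES = [
    {"image": CHROME, "cmdline": f'"{CHROME}" --profile-directory=Default'},
    {"image": CHROME,
     "cmdline": f'"{CHROME}" --load-extension="C:\\Users\\alice\\AppData\\Roaming\\ChromeUpdater\\ext" https://www.facebook.com/messages'},
    {"image": r"C:\Users\alice\AppData\Roaming\ChromeUpdater\miner.exe",
     "cmdline": "miner.exe -o pool.example.invalid:3333 -u WALLET_PLACEHOLDER --donate-level=1"},
    {"image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_RUN_ENTRIES, SAMPLE_PROCESSES):
        print(f"[{finding.category}] {finding.subject}: {finding.detail}")
```

Each check on its own is noisy (developers side-load extensions, some legitimate software autostarts from AppData), which is why the script reports categories separately: it is the combination of all three on one machine that matches the chain the article describes.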
Propagation
How Digmine is spreading to countries across the world
Digmine only works through Facebook Messenger's desktop or web-browser version; on other platforms the malware doesn't behave as intended.
Coded in AutoIt, Digmine is sent to would-be victims disguised as a link to a video file. The malware runs if the user clicks it.
If the victim's Facebook account is set to log in automatically, Digmine manipulates Messenger to send the same link on to the victim's friends.
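Because the lure arrives from a friend's account, the only thing a recipient can inspect is the link itself. The Python script below is an added example, not code from Trend Micro or from this article: it classifies constructed chat links by whether they present as a video but actually point at an executable, script or archive. The heuristic and the sample filenames are assumptions about how such lures tend to look; the article only says the link poses as a video file.

```python
"""Lure-link triage for the propagation described above (added example).

Constructed message data only; the URLs and filenames are made up and are
not indicators from Trend Micro's report. The heuristic is an assumption
about how such lures tend to look: the link is presented as a video but
its final path component is an executable, script or archive.
"""
import posixpath
from typing import List, Tuple
from urllib.parse import unquote, urlparse

VIDEO_EXTS = {"mp4", "avi", "mov", "mkv", "wmv", "webm"}
VIDEO_WORDS = ("video", "movie", "clip")
# File types that run code, or wrap something that does, when opened.
DANGEROUS_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "jse", "vbs", "hta", "lnk", "zip", "rar", "7z"}


def classify_link(link_text: str, url: str) -> str:
    """Return "lure" (looks like a video, delivers a runnable file),
    "suspicious" (runnable file without a video disguise) or "ok"."""
    path = urlparse(url).path  # query strings such as ?dl=1 are ignored
    name = unquote(posixpath.basename(path)).lower()
    parts = name.split(".")
    final_ext = parts[-1] if len(parts) > 1 else ""
    # A video disguise is either video wording in the link text or file name,
    # or a video extension buried before the real one (funny.mp4.exe).
    disguised_as_video = (
        any(word in link_text.lower() or word in name for word in VIDEO_WORDS)
        or any(inner in VIDEO_EXTS for inner in parts[1:-1])
    )
    if final_ext in DANGEROUS_EXTS:
        return "lure" if disguised_as_video else "suspicious"
    return "ok"


def triage_messages(messages: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Map (sender, link text, url) triples to (sender, verdict) pairs."""
    return [(sender, classify_link(text, url)) for sender, text, url in messages]


# Constructed sample chat: genuine video links beside disguised downloads.
SAMPLE_MESSAGES = [
    ("bob", "video", "https://video.example.com/watch?v=abc123"),
    ("carol", "video_1234.zip", "https://files.example.net/d/video_1234.zip?dl=1"),
    ("dave", "check this", "https://cdn.example.org/clips/funny.mp4.exe"),
    ("erin", "quarterly numbers", "https://share.example.com/report.exe"),
    ("frank", "holiday clip", "https://media.example.com/holiday.mp4"),
]

if __name__ == "__main__":
    for sender, verdict in triage_messages(SAMPLE_MESSAGES):
        print(f"{sender}: {verdict}")
```

Archives are treated as dangerous because they are a common wrapper for an executable, while a link whose final extension really is a video format passes; the check looks only at the URL path, so a `?dl=1` query string cannot hide the file type.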
Infection chain
Digmine looks to infect an increasing number of machines
Cryptocurrency-mining bots, Digmine included, try to stay on a victim's system for as long as possible.
They also try to infect as many machines as they can.
By quickly infecting a large number of machines, Digmine, which mines the cryptocurrency Monero, raises its combined hashrate, which translates into potentially more income for the criminals behind it.
Security risks
Digmine could later be used to hijack Facebook accounts
For now, Digmine's abuse of Facebook Messenger is limited to propagation, says Trend Micro.
However, the firm warns that it wouldn't be implausible for the attackers to hijack Facebook accounts themselves later on: Digmine's code is pushed from the C&C server, which means it can be updated at any time.
To stay safe, follow social-media security best practices, and treat unexpected "video" links with suspicion even when they come from friends.