Slashdot Mirror

← Back to Stories (view on slashdot.org)

Beware: 'Digmine' Cryptocurrency Bot Is Spreading Via Facebook Messenger (techspot.com)

Posted by BeauHD on from the suspicious-links dept.

Cybersecurity firm Trend Micro has discovered a cryptocurrency bot that is being spread through Facebook Messenger. The bot, dubbed Digmine, was discovered in South Korea and has since been found in Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. TechSpot explains: Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension. Extensions can only be downloaded from the Chrome Web Store, but this is bypassed using the command line. Once the malware infects a system, a modified version of XMRig -- a Monero mining tool -- is installed. This mines the cryptocurrency in the background using a victim's CPU, sending all profits back to the hackers. Additionally, the Chrome extension is also used to spread Digmine. If someone has their Facebook account set to log in automatically, the fake video file link will be sent to all their friends via Messenger. The malware could also be used to take over a Facebook account entirely. The good news is that Digmine only works through the Chrome desktop version of Messenger. Right now, opening the malicious file via the Facebook/Messenger app or mobile webpage won't have the same effect. After Trend Micro revealed its findings, Facebook said it had taken down any links connected to Digmine.

1 of 96 comments (clear)

  1. Re:...and double click a Microsoft Windows .exe fi by Bruinwar · · Score: 3, Informative

    Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension.

    How does opening a .zip run the contents? Does the user also have to run the i-know-you-want-to-double-click-me.exe file?

    That's an easy one, you count on users trusting Windows. Since the start Windows has screwed users with extensions. Either hiding them or only showing the first encountered.

    MyFile.zip.exe was very popular awhile back, it would show as a MyFile or Myfile.zip file, yet run as the hidden .exe file.

    As for asking to run it, many have most likely tired of saying yes to the requester and disabled it.

    The first thing I do when working on someone's computer is uncheck the box "Hide extensions of known file types".

    --
    SLOWER TRAFFIC KEEP RIGHT