Researchers from Trend Micro Security recently found a new cryptocurrency mining bot that spreads through Facebook Messenger and targets Google Chrome desktop users, taking advantage of the recent rise in the price of cryptocurrency.
Dubbed Digmine, the Monero cryptocurrency mining bot only affects the desktop/web browser (Chrome) version of Facebook Messenger. If the file is opened on other platforms (e.g., mobile), the malware will not work as intended.
So the next time you receive a video file (packed in a zip archive) sent by someone (or your friends) on Facebook Messenger, you might want to think twice before clicking on it.
Digmine’s Attack Chain
Digmine primarily installs a cryptocurrency miner, miner.exe, a modified version of an open-source Monero miner known as XMRig, which silently mines the Monero cryptocurrency in the background for hackers using the CPU power of the infected computers.
Digmine was first reported in South Korea and has since spread across other regions such as Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela.
All Digmine-related links have so far been removed by the Facebook team after being notified by Trend Micro Security. Facebook’s official statement reads: “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”
The increase in popularity of cryptocurrency comes at a price: you can’t really tell where you will find the next hidden cryptocurrency mining script. I currently use the Anti Miner Chrome extension to block some malicious mining scripts in my browser; you should try one.