Digimine Cryptocurrency Malware Targets Facebook Messenger Chatbot
For those that might still not be aware of the fact, cryptocurrencies have taken charge. Digital currencies like Bitcoin, Ripple an Ethereum have been experiencing major surges in value over the past few months, and more and more people are getting richer by the day.
However, with this increase in crypto values, malicious persons have also found various means of duping unsuspecting customers of their hard-earned cryptocurrencies. The platform that has been hit the most by this wave is Facebook, which has been used in the past as a vector for the transfer of malware. Facebook has been the preferred medium for hackers due to its popularity and integration capacity.
A popular newspaper recently conducted a study and found that there has been a wide spread of Digimine across the internet. Digimine uses a mining boot that attaches itself to the Facebook Messenger platform of its host. From there, it uses the CPU power of the host's device to mine Monero; a cryptocurrency.
Tech experts at Trend Micro have provided an insight into the operations of Digimine. According to them, the malware is enclosed in a video that is labeled “video_xxxx.zip.” Infected accounts on Facebook send it to others on their Fiends list, and that is how it gets circulated. Also, you should know that Digimine can only function on a desktop computer (due to the tremendous power needed to mine the Monero currency), if you operate your Facebook account from your smartphone, you're safe.
Points To Consider
- As soon as a machine gets infected with the Digimine malware, the user's Facebook account has been reached as well. From there, Digimine can circulate the bot and infect every single one of the user's friends.
- If a Facebook account has been set at auto-login, this bot will easily gain access to his (or her) contact list, and gradually, everyone on the user's contact list will be affected.
How Digimine Works
The mining bot used by Digimine is called “miner.exe,” and it automatically installs on your computers. This bot is a modified version of a Monero miner known as ‘XMRig.' Digimine carries out its operations in the background, barely drawing any attention to itself, while periodically sending profits to its creators, hackers, and others who are making use of the malware. Apart from its basic mining operation, it also adds an extension to your Chrome browser and spreads this bot to all your Facebook friends.
It used to be common knowledge that the only way to add extensions to the Chrome browser was through the official webstore. However, these hackers have created a bypass system that makes it possible for this malicious extension to be installed on commuters.
Avoiding Digimine Malware
Experts at Trend Micro found this issue and rolled out a lengthy press release that covered it. The full release can be found on their website, but an excerpt from it reads;
“The extension is capable of reading its specific configuration from the C&C [command and control] server. It is also able to command the extension to either log into Facebook or make a fake age that will open a video. You should know that the decoy website that opens the video is also a part of the C&C structure. Under the pretense of being a video-streaming site, the malware site holds various configurations of the malware's components.”
So if you're an avid user of social media (and if your computer is your major tool of operation), it is recommended that you carry out your dealings while keeping this in mind.