Beware Of Cryptocurrency Mining Virus Spreading Through Facebook Messenger

If you receive a video file (packed in a zip archive) sent by someone (or your friends) on Facebook Messenger, just don't click on it.

Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot that is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices.

Dubbed Digmine, the Monero-cryptocurrency mining bot disguises itself as a non-embedded video file under the name "video_xxxx.zip" (as shown in the screenshot), but actually contains an AutoIt executable script.

Once clicked, the malware infects the victim's computer and downloads its components and related configuration files from a remote command-and-control (C&C) server.

Digmine primarily installs a cryptocurrency miner, miner.exe, a modified version of an open-source Monero miner known as XMRig, which silently mines the Monero cryptocurrency in the background for the attackers using the CPU power of the infected computers.

Besides the cryptocurrency miner, the Digmine bot also installs an autostart mechanism and launches Chrome with a malicious extension that allows attackers to access the victim's Facebook profile and spread the same malware file to their friends list via Messenger.

Since Chrome extensions can only be installed via the official Chrome Web Store, "the attackers bypassed this by launching Chrome (loaded with the malicious extension) via command line."
"The extension will read its own configuration from the C&C server. It can instruct the extension to either continue with logging in to Facebook or open a fake page that will play a video," Trend Micro researchers say.
"The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware’s components."
It's noteworthy that users opening the malicious video file through the Messenger app on their mobile devices are not affected.
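
For defenders, the command-line launch described above is visible in process-creation telemetry. The following is an added example, not code from Trend Micro or the original article: it assumes the extension was loaded with Chrome's `--load-extension` switch, and the event records, the `sample_dropper.exe` and `sample_ext` names, and the parent and path heuristics are all constructed for illustration.

```python
import ntpath
import re

# Chrome's switch for loading unpacked extensions; the value may be quoted and comma-separated.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}             # assumption: normal launchers
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")  # assumption: typical drop paths

# Constructed process-creation records (not taken from the page or from real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Users\kim\AppData\Roaming\sample_dropper.exe",
     "cmdline": r'chrome.exe --load-extension="C:\Users\kim\AppData\Roaming\sample_ext"'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"chrome.exe --load-extension=D:\src\ext_a,D:\src\ext_b"},
    {"image": r"C:\Users\kim\AppData\Roaming\miner.exe",
     "parent": r"C:\Users\kim\AppData\Roaming\sample_dropper.exe",
     "cmdline": "miner.exe"},
]

def loaded_extension_dirs(cmdline):
    """Return every directory passed to Chrome via --load-extension."""
    dirs = []
    for quoted, bare in LOAD_EXT.findall(cmdline):
        dirs += [p.strip() for p in (quoted or bare).split(",") if p.strip()]
    return dirs

def assess(event):
    """Return (verdict, reasons) for one process-creation record."""
    if ntpath.basename(event["image"]).lower() != "chrome.exe":
        return "ignore", []          # this check only covers Chrome launches
    dirs = loaded_extension_dirs(event["cmdline"])
    if not dirs:
        return "ok", []
    reasons = ["--load-extension: " + ", ".join(dirs)]
    if ntpath.basename(event["parent"]).lower() not in EXPECTED_PARENTS:
        reasons.append("unexpected parent: " + event["parent"])
    if any(m in d.lower() + "\\" for d in dirs for m in USER_WRITABLE):
        reasons.append("extension directory is user-writable")
    # One signal alone is often a developer; corroborated signals raise an alert.
    return ("alert" if len(reasons) > 1 else "review"), reasons

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(assess(ev))
```

The same rule can be expressed in an EDR or SIEM query over process-creation events; the "review" tier exists because extension developers legitimately use this switch.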

Since the miner is controlled from a C&C server, the authors behind Digmine can upgrade their malware to add different functionalities overnight.

Digmine was first spotted infecting users in South Korea and has since spread its activities to Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela. But since Facebook Messenger is used worldwide, there are more chances of the bot being spread globally.

When notified by researchers, Facebook said it had taken down most of the malware files from the social networking site.

Facebook spam campaigns are quite common, so users are advised to be vigilant when clicking on links and files provided via the social media platform.