A Malware uses Facebook Messenger to Spread Cryptocurrency Miner
Cryptocurrency mining malware is spreading at a fast rate, and this time the criminals are making use of Facebook Messenger to infect people as the message looks genuine from friend’s.
According to security researchers, Digimine is making use of FB messenger to send messages directly to friends. This method is more likely to be effective since people will definitely click on the link.
The message is more likely to be a video file, in a .zip format, which is an executable file. Since Facebook messenger runs on the different platform, the script will run on anyone.
This happens when the user has enabled his Facebook account to log in automatically. The malware puts its act together to access the account and send messages. What is more interesting is that the malware can receive updates, enabling it to see the compromised user’s Facebook account.
Digimine is designed in a way that it changes the Windows registry, thus allowing the malware to activate automatically at launch. It then adds a malicious browser extension for Chrome that facilitates it to send messages to user’s Facebook account.
Chrome extensions can normally only be installed from the Chrome Web Store, a restriction Google put in place recently to boost security, but the malware gets around that block by launching Chrome along with the malicious add-on via the command line.
As we know that Chrome’s extension can only be installed through Chrome Web Store, this was a step taken by Google to enhance its security measures. But, Digimine goes a step ahead as it launches chrome along with the malicious add-on code through a command line. To distract the users from getting alerted to its malicious intends the malware will lure the user with a video
According to Trend Micro, “One of the malware’s components downloads a tool that uses the user’s processing power to mine the Monero cryptocurrency, using open-source mining code called XMRig.”
As reported on Silicon.co.uk, according to Trend “The malware is an example of criminals cashing in on recent interest in cryptocurrencies, which are generated via processor-heavy calculations.
“The increasing popularity of cryptocurrency mining is drawing the attackers back to the mining botnet business,” Trend researchers said in an advisory. “Like many cybercriminal schemes, numbers are crucial – bigger victim pools equate to potentially bigger profits.”
Facebook has removed the Digimine links that were used to spread the message.
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger,” the company said in a statement, adding it would provide help to users who suspect their systems are infected with malware.
Trend Micro said “it expects the malware’s developers to continue to find ways to infect new users.”
Digimine initially targeted users in South Korea, but has spread to countries including Vietnam, Azerbaijan, Ukraine, Vietnam, the Philippines, Thailand, and Venezuela, and is likely to spread elsewhere, Trend said.
Security advisors have warned the users to be wary of unsolicited messages and tweak their privacy settings of their social media account.
Julia Sowells946 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.