Trend Micro — a Japanese cybersecurity company — has detected a cryptocurrency mining malware that uses Facebook Messenger to mine the popular Monero cryptocurrency token. The scariest part: if you’re infected, you probably don’t even know it.
Security researchers at Trend Micro have named the new mining bot “Digimine.” According to the company, the bot first appeared in South Korea and has expanded to Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela. For now, researchers say, the malware has not grown beyond these countries, but it won’t take long for the bot to reach other regions.
What is Digimine and How Does it Work?
Digimine is programmed using AutoIt — a freeware automation language for Microsoft Windows. The malware disguises the mining bot as a video file, which in reality is an AutoIt script. Once a user clicks on a malicious link, the bot gets downloaded onto the computer.
The malware then downloads codex.exe, a miner management component tailored to interact with the Command and Control server. After contacting the C&C server, the malware downloads the miner and configuration files it needs to take control of the victim’s Facebook account.
The malware then installs a Chrome extension that specifically targets Facebook Messenger users. It either loads a fake page that plays a video or continues to log into Facebook.
Trend Micro researchers found that, if an affected Facebook account is configured to log in automatically, Digimine has the potential to send links to the account’s friends via Facebook Messenger. Furthermore, the malicious program can slow the victim’s computer and manipulate infected Facebook accounts to target other users.
Although it has the capability of taking control of Facebook accounts, Digimine opts to run scripts in the background, keeping victims unaware that their accounts have been compromised. Currently, the malware only works on the desktop version of Facebook Messenger.
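The disguise described above, a "video" that is really a compiled AutoIt executable, can be caught by comparing a file's name with its actual content. The following Python triage check is an added example, not code from Trend Micro or the original article; the file names and byte samples are constructed, and the `AU3!EA06` marker is the signature commonly found in compiled AutoIt v3 scripts rather than a detail taken from this page.

```python
import re
import struct

# Assumption: lures carry video-like names; the article gives no file names.
VIDEO_HINT = re.compile(r"video|\.(mp4|avi|mov|mkv|wmv)", re.I)
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")
# Marker found in compiled AutoIt v3 scripts (not taken from the article).
AUTOIT_MARKER = b"AU3!EA06"


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS header that points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def triage(filename: str, data: bytes) -> list[str]:
    """Return reasons a downloaded file looks like a disguised executable."""
    name = filename.lower()
    video_named = bool(VIDEO_HINT.search(name))
    pe = is_pe(data)
    findings = []
    if video_named and name.endswith(EXEC_EXTS):
        findings.append("video-like name with executable extension")
    if video_named and pe:
        findings.append("video-like name but content is a Windows executable")
    if pe and AUTOIT_MARKER in data:
        findings.append("executable embeds a compiled AutoIt script")
    return findings


# Constructed samples (not real malware): a minimal PE-shaped header with the
# AutoIt marker appended, and the first bytes of an MP4 container.
FAKE_AUTOIT_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
                  + b"PE\x00\x00" + b"\x00" * 64 + AUTOIT_MARKER)
SAMPLE_MP4_HEAD = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 64

if __name__ == "__main__":
    for fname, blob in [("video_0001.mp4.exe", FAKE_AUTOIT_PE),
                        ("video_0002.mp4", FAKE_AUTOIT_PE),
                        ("holiday.mp4", SAMPLE_MP4_HEAD)]:
        print(fname, "->", triage(fname, blob) or "no findings")
```

A legitimate AutoIt-built tool will also trip the last check, so treat that finding as a reason to look closer only when it coincides with a video-like name.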
Responding to the situation, Facebook said:
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”
Cybercriminals choose industry giants such as Facebook to gain higher profits. Facebook, for example, has over two billion active users per month.
“Like many cybercriminal schemes,” Trend Micro stated, “numbers are crucial — bigger victim pools equate to potentially bigger profits. The fact that they’re piggybacking on popular platforms such as social media to spread their malware is unsurprising.”
So stay safe out there, and watch out for suspicious links and videos — they might turn your Facebook account into a Monero miner.
Have you or anyone you know been affected by this new malware? Let us know in the comments.