Researchers from the cybersecurity firm Trend Micro recently discovered a new cryptocurrency mining bot that uses Facebook Messenger to infect unsuspecting victims' devices. According to the researchers, the bot, dubbed Digmine, is using Facebook Messenger to infect devices all over the world. Like most questionable mining scripts, Digmine hijacks a device's CPU in order to mine Monero, a favorite token of hackers.
Trend Micro first discovered the bot in South Korea, but Digmine has already spread to several other countries, including Thailand, Azerbaijan, Venezuela, Ukraine, the Philippines, and Vietnam. Once a device is infected, the malware can use it to infect more devices. This ripple effect means that Digmine could spread to several more countries. The researchers did not mention where Digmine originated, but it is thought to be the work of state-backed North Korean hackers, considering that country's history.
Victims are sent a video file by one of their Facebook Messenger contacts. The video file is fraudulent, however, and actually contains the malicious code. The bot is only effective if the file is opened from Facebook Messenger via a desktop version of Google Chrome. Once the video file has been opened, it infects the user’s device and infiltrates the user's Chrome browser to download the tools needed for the covert mining process.
Once a device is compromised with Digmine, the bot can also log into the Facebook account linked to that Chrome browser and send the file to the affected user’s contacts. While Facebook is currently only being used to spread the malware, the researchers noted that the bot demonstrates the capability to start hijacking Facebook accounts as well.
Facebook noted that it has several automated systems designed to prevent malicious links and content from spreading via its platform. It also noted that once it suspects a user is infected, it will provide the user with a free anti-virus scan conducted by one of its partners. Shortly after Trend Micro notified Facebook of the discovery, Facebook took down any link affiliated with the Digmine bot.