A new cryptocurrency-mining bot, named “Digmine”, that was first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cybersecurity major Trend Micro has warned.
After South Korea, it has since spread in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. Considering the way this crypto-miner is spreading, it will be reaching other countries pretty soon.
Now, there is a very specific condition for this virus. This only affects the Desktop and Web Browser versions of the Messenger App. According to the firm, if the malware is opened on any other platform, the malware won’t work as intended.
So, what’s “Digmine”? It’s an Autoit coded malware that poses a video file. In actuality, it’s an executable script that sends itself directly to the victim’s Facebook contacts and friends.
Right now, the malware problem has limited itself to just propagating. However, the victims of the attack might have their accounts hijacked at a later time. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.
The miner itself uses Monero, and its main goal is to stay in the victim’s system for as long as possible. Of course, since this is also a cryptocurrency-miner, it will be looking to spread itself to other users in order to bank a lot of Bitcoin and other Cryptocurrencies.
The malware will also perform other routines such as installing a registry autostart mechanism as well as system infection marker. It will search and launch Chrome then load a malicious browser extension that it retrieves from the C&C server.
The malware is even capable of terminating and restarting Google Chrome in order to ensure the installation of the malicious plug-in. Thankfully, the best way to prevent this from happening is to avoid dubious links and video files sent by your friends and family.
Facebook
Twitter
Google+
LinkedIn
RSS