• Home
  • Apps
  • Apps News
  • Digmine Cryptocurrency Mining Malware Being Spread via Facebook Messenger: Trend Micro

Digmine Cryptocurrency Mining Malware Being Spread via Facebook Messenger: Trend Micro

Digmine Cryptocurrency Mining Malware Being Spread via Facebook Messenger: Trend Micro
Highlights
  • Digmine malware said to only affect Messenger's desktop, Web versions
  • Digmine was first observed in South Korea
  • It has since spread to Vietnam, Thailand, and other countries
Advertisement

A new cryptocurrency-mining bot, named "Digmine", that was first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cyber-security major Trend Micro has warned.

After South Korea, it has since spread in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. It is likely to reach other countries soon, given the way it propagates.

Facebook Messenger works across different platforms but Digmine only affects the Messenger's desktop or Web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blog post.

Digmine is coded in AutoIt and sent to would-be victims posing as a video file but is actually an AutoIt executable script.

If the user's Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the account's friends.

The abuse of Facebook is limited to propagation for now, but it wouldn't be implausible for attackers to hijack the Facebook account itself down the line. This functionality's code is pushed from the command-and-control (C&C) server, which means it can be updated.

A known modus operandi of cryptocurrency-mining botnets and particularly for Digmine (which mines Monero), is to stay in the victim's system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hash rate and potentially more cybercriminal income, the blog post stated.

The malware will also perform other routines such as installing a registry autostart mechanism as well as system infection marker. It will search and launch Chrome, then load a malicious browser extension that it retrieves from the C&C server.

If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded. While extensions can only be loaded and hosted from the Chrome Web Store, the attackers bypassed this by launching Chrome via command line.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

How to Buy a SIM Card in India
Nokia Plant in Tamil Nadu Left as an 'Orphaned Child': Ravi Shankar Prasad
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »