
Beware Of Cryptocurrency Mining Virus Spreading Through Facebook Messenger

If you receive a video file (packed in a zip archive) sent by someone (or your friends) on Facebook Messenger, just don't click on it.

Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot that is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices.

Dubbed Digmine, the Monero-cryptocurrency mining bot disguises itself as a non-embedded video file, under the name "video_xxxx.zip" (as shown in the screenshot), but actually contains an AutoIt executable script.

Once clicked, the malware infects the victim's computer and downloads its components and related configuration files from a remote command-and-control (C&C) server.

Digmine primarily installs a cryptocurrency miner, i.e. miner.exe, a modified version of an open-source Monero miner known as XMRig, which silently mines the Monero cryptocurrency in the background for hackers using the CPU power of the infected computers.

Besides the cryptocurrency miner, the Digmine bot also installs an autostart mechanism and launches Chrome with a malicious extension that allows attackers to access the victims' Facebook profile and spread the same malware file to their friends' list via Messenger.

Since Chrome extensions can only be installed via the official Chrome Web Store, "the attackers bypassed this by launching Chrome (loaded with the malicious extension) via command line."
"The extension will read its own configuration from the C&C server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video," Trend Micro researchers say.
"The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware's components."
It's noteworthy that users opening the malicious video file through the Messenger app on their mobile devices are not affected.
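
For defenders, a browser started with an unpacked extension on its command line is something process-creation logs can surface. The sketch below is an added example, not code from Trend Micro or the original article; it assumes the sideload uses Chromium's `--load-extension` switch (the article says only "via command line"), and the log field names, parent allow-list and sample records are constructed for illustration.

```python
import ntpath
import re

# Chromium switch that loads unpacked extensions from local directories.
LOAD_EXT = re.compile(r'--load-extension=("[^"]*"|\S+)', re.IGNORECASE)
# Parents from which a developer might start Chrome by hand (assumption).
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}

def sideloaded_extensions(command_line):
    """Return the unpacked-extension directories named on a command line."""
    paths = []
    for match in LOAD_EXT.finditer(command_line):
        # The switch accepts a comma-separated list of directories.
        paths.extend(p.strip() for p in match.group(1).strip('"').split(",") if p.strip())
    return paths

def triage(event):
    """Classify one process-creation record: None, 'review' or 'alert'."""
    if ntpath.basename(event["image"]).lower() != "chrome.exe":
        return None
    if not sideloaded_extensions(event["command_line"]):
        return None
    parent = ntpath.basename(event["parent_image"]).lower()
    return "review" if parent in INTERACTIVE_PARENTS else "alert"

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed sample records; field names mimic a process-creation log.
SAMPLE_EVENTS = [
    {"image": CHROME,
     "command_line": r'"chrome.exe" --profile-directory=Default',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": CHROME,
     "command_line": r'chrome.exe --load-extension="C:\Users\dev\src\my ext" --no-first-run',
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"image": CHROME,
     "command_line": r'chrome.exe --LOAD-EXTENSION=C:\Users\victim\AppData\Roaming\example\ext',
     "parent_image": r"C:\Users\victim\AppData\Roaming\example\placeholder.exe"},
]

def run(events=SAMPLE_EVENTS):
    """Triage every record and return the verdicts in order."""
    return [triage(e) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, run()):
        print(verdict, "|", event["command_line"])
```

Both flagged cases deserve a look: "review" marks launches from a shell or desktop session, while "alert" marks a browser started with a sideloaded extension by some other program.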

Since the miner is controlled from a C&C server, the authors behind Digmine can upgrade their malware to add different functionalities overnight.

Digmine was first spotted infecting users in the Republic of Korea and has since spread its activities to Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela. But since Facebook Messenger is used worldwide, there are more chances of the bot being spread globally.

When notified by the researchers, Facebook said it had taken down most of the malware files from the social networking site.

Facebook spam campaigns are quite common, so users are advised to be vigilant when clicking on links and files provided via the social media platform.