Digmine Cryptocurrency Mining malware spreads through Facebook Messenger: Report

The new cryptocurrency-mining bot is spreading fast across the world.
Cybercriminals are using Facebook Messenger to infect computers with malware - a new cryptocurrency-mining bot, named “Digmine”.

“Digmine” was first observed in South Korea and is quickly spreading across the world, security researchers at the Japanese cyber security firm Trend Micro have warned. A known modus operandi of cryptocurrency-mining botnets, and of Digmine in particular, is to stay in the victim’s system for as long as possible.

It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income, the blogpost reads. Consequently, "Digmine" targets everybody, mining Monero, an alternative to Bitcoin, for its creators. As a result, the malware is now spreading fast to many countries including Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela.

Digmine’s attack chain

The researchers pointed out that although Facebook Messenger works across different platforms, Digmine only affects Facebook Messenger’s desktop/web browser (Chrome) version. If the file is opened on other platforms (e.g., mobile), the malware will not work as intended.

Digmine is coded in AutoIt and is sent to would-be victims posing as a video file, though it is actually an AutoIt executable script, Trend Micro said in a blogpost. “If the user’s Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the account’s friends.”
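A small defender-side check for the lure described above, added here as an example and not code from the report or from Trend Micro: it flags files whose name suggests a video but whose content begins with the Windows executable signature, which is what a compiled AutoIt script is. The extension list and the sample file headers are constructed assumptions.

```python
# Constructed assumptions (not from the report): extensions a lure name may carry
# to look like a video, and the leading bytes of a Windows PE executable.
VIDEO_EXTENSIONS = {".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv"}
PE_MAGIC = b"MZ"  # DOS header signature at the start of every Windows PE file


def looks_like_video(filename: str) -> bool:
    """True if any extension in the name (e.g. 'clip.mp4' or 'clip.mp4.exe') is a video one."""
    base = filename.lower().replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    return any("." + ext in VIDEO_EXTENSIONS for ext in parts[1:])


def is_pe_executable(head: bytes) -> bool:
    """Check the first bytes of a file for the PE/DOS 'MZ' signature."""
    return head[:2] == PE_MAGIC


def classify(filename: str, head: bytes) -> str:
    """
    Compare what a file's name claims with what its content is.
    'masquerading-executable' is the Digmine-style lure: a video-looking
    name wrapped around a Windows executable.
    """
    video_name = looks_like_video(filename)
    pe_content = is_pe_executable(head)
    if video_name and pe_content:
        return "masquerading-executable"
    if pe_content:
        return "executable"
    if video_name:
        return "video"
    return "other"


def scan(samples):
    """Return the names a responder should look at first."""
    return [name for name, head in samples if classify(name, head) == "masquerading-executable"]


# Constructed sample inputs: only the first bytes of each file are needed.
SAMPLES = [
    ("video_1234.mp4.exe", b"MZ\x90\x00\x03\x00\x00\x00"),  # executable with a video-looking name
    ("birthday.mp4", b"\x00\x00\x00\x18ftypmp42"),           # genuine MP4 (ftyp box)
    ("installer.exe", b"MZ\x90\x00"),                         # executable that does not hide
    ("notes.txt", b"hello"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:22} {classify(name, head)}")
    print("flagged:", scan(SAMPLES))
```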

According to the Tokyo-based security consultancy, the abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.

“The increasing popularity of cryptocurrency mining is drawing attackers back to the mining botnet business,” Trend Micro said. “And like many cybercriminal schemes, numbers are crucial — bigger victim pools equate to potentially bigger profits. The fact that they’re piggybacking on popular platforms such as social media to spread their malware is unsurprising.”

To avoid these types of threats, follow best practices on securing social media accounts, the cyber experts said. So think before you share, be aware of suspicious and unsolicited messages, and enable your account’s privacy settings.