If you receive a video file (packed in a zip archive) sent by someone, even a friend, on Facebook Messenger, just don't click on it.
Researchers at security firm Trend Micro are warning users of a new cryptocurrency-mining bot that is spreading through Facebook Messenger and targeting Google Chrome desktop users, taking advantage of the recent surge in cryptocurrency prices.
Dubbed Digmine, the Monero-mining bot disguises itself as a non-embedded video file named video_xxxx.zip (as shown in the screenshot), but the archive actually contains an AutoIt executable script.
Once clicked, the malware infects the victim's computer and downloads its components and related configuration files from a remote command-and-control (C&C) server.
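As an added defensive example (not code from the article or from Trend Micro), here is a small Python triage routine for an attachment like the one described: it opens the zip and flags any entry that carries a Windows PE header (which is what a compiled AutoIt script is on disk) or an executable extension, regardless of how video-like the archive name is. The archive contents, the lure-name check and the "MZ" stand-in payload are constructed assumptions for the demonstration.

```python
import io
import zipfile

# A compiled AutoIt script is a Windows PE executable, so its first two
# bytes are the "MZ" header no matter what the archive entry is called.
PE_MAGIC = b"MZ"
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def _extension(name: str) -> str:
    lower = name.lower()
    return "." + lower.rsplit(".", 1)[-1] if "." in lower else ""


def inspect_archive(data: bytes) -> list:
    """Return (entry_name, reason) pairs for entries that do not belong in a 'video' zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))
            if head == PE_MAGIC:
                # Content check first: renaming the entry does not change its header.
                findings.append((info.filename, "PE executable header (MZ)"))
            elif _extension(info.filename) in EXECUTABLE_EXTENSIONS:
                findings.append((info.filename, "executable extension " + _extension(info.filename)))
    return findings


def triage_attachment(filename: str, data: bytes) -> dict:
    """Combine the lure-style name (video_xxxx.zip) with the content findings."""
    lower = filename.lower()
    lure_name = lower.startswith("video_") and lower.endswith(".zip")
    findings = inspect_archive(data)
    return {
        "filename": filename,
        "lure_name": lure_name,
        "findings": findings,
        "block": bool(findings),  # executable content in a 'video' archive: block it
    }


def build_sample_lure() -> bytes:
    """Constructed sample archive: a fake PE stands in for the AutoIt script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("video_1234.exe", PE_MAGIC + b"\x00" * 62)
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed sample archive holding only a text file, for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"just text")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment("video_1234.zip", build_sample_lure()))
    print(triage_attachment("holiday.zip", build_benign_archive()))
```

The header check comes before the extension check on purpose: a name-only rule is defeated by renaming the payload, while the PE header survives any rename.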
Digmine primarily installs a cryptocurrency miner, miner.exe, a modified version of the open-source Monero miner XMRig, which silently mines Monero in the background for the attackers using the CPU power of the infected computers.
Besides the cryptocurrency miner, the Digmine bot also installs an autostart mechanism and launches Chrome with a malicious extension that allows attackers to access the victim's Facebook profile and spread the same malware file to their friends list via Messenger.
Since Chrome extensions can only be installed via the official Chrome Web Store, "the attackers bypassed this by launching Chrome (loaded with the malicious extension) via command line."
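As an added defensive example (not code from the article or from Trend Micro): the command-line launch described above is the kind of event that process-creation telemetry can catch. This Python check parses a few constructed process events and flags chrome.exe started with --load-extension, Chrome's standard switch for loading an unpacked extension from a folder on disk (the article does not name the switch the attackers used, so that is an assumption), scoring higher when the extension lives in a user-writable directory or when Chrome's parent process is not explorer.exe. The key=value log format and the sample lines are constructed for the demonstration.

```python
import re

# Constructed process-creation events in a simple key=value form (real EDR or
# Sysmon telemetry has more fields, but these three are all the check needs).
SAMPLE_EVENTS = """\
ts=2017-12-20T10:12:33Z image=chrome.exe parent=explorer.exe cmdline="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
ts=2017-12-20T10:13:05Z image=chrome.exe parent=video_1234.exe cmdline="chrome.exe --load-extension=C:\\Users\\u\\AppData\\Local\\Temp\\ext --no-first-run https://www.facebook.com/"
ts=2017-12-20T10:14:10Z image=notepad.exe parent=explorer.exe cmdline="notepad.exe"
"""

EVENT_RE = re.compile(r'ts=(\S+) image=(\S+) parent=(\S+) cmdline="(.*)"$')
# --load-extension is Chrome's switch for loading an unpacked extension from disk,
# i.e. one that never went through the Web Store (assumed; not named by the article).
LOAD_EXTENSION_RE = re.compile(r"--load-extension=(\S+)")
# Directories a legitimately installed extension would normally not live in.
USER_WRITABLE_HINTS = ("\\temp\\", "\\appdata\\", "\\downloads\\", "\\public\\")


def parse_event(line: str):
    """Parse one constructed event line; return None for anything that does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts, image, parent, cmdline = m.groups()
    return {"ts": ts, "image": image, "parent": parent, "cmdline": cmdline}


def find_sideloaded_chrome(log_text: str) -> list:
    """Flag chrome.exe launches that side-load an extension from the command line."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or ev["image"].lower() != "chrome.exe":
            continue
        m = LOAD_EXTENSION_RE.search(ev["cmdline"])
        if m is None:
            continue
        ext_path = m.group(1)
        in_user_dir = any(hint in ext_path.lower() for hint in USER_WRITABLE_HINTS)
        # Chrome is normally started by explorer.exe or by itself; anything else is unusual.
        odd_parent = ev["parent"].lower() not in ("explorer.exe", "chrome.exe")
        alerts.append({
            "ts": ev["ts"],
            "parent": ev["parent"],
            "extension_path": ext_path,
            "severity": "high" if (in_user_dir or odd_parent) else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_sideloaded_chrome(SAMPLE_EVENTS):
        print(alert)
```

The parent-process condition matters as much as the switch itself: a developer loading an unpacked extension from explorer.exe is a medium-confidence event, while a freshly dropped executable spawning Chrome with an extension from a Temp folder is the chain the article describes.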
"The extension will read its own configuration from the C&C server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video," Trend Micro researchers say.
"The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware's components."
It's noteworthy that users opening the malicious video file through the Messenger app on their mobile devices are not affected.
Since the miner is controlled by a C&C server, the authors behind Digmine can upgrade their malware to add new functionality overnight.
Digmine was first spotted infecting users in South Korea and has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. But since Facebook Messenger is used worldwide, there is a good chance of the bot spreading globally.
When notified by the researchers, Facebook said it had taken down most of the malware files from the social networking site.
Facebook spam campaigns are quite common, so users are advised to be vigilant when clicking on links and files shared via the social media platform.