Cryptocurrency Malware Targets Facebook Messenger Chatbot

As the value of Bitcoin and other digital assets continue to soar, hackers and other deviants are using ingenious means of luring susceptible customers and stealing their hard earned cryptocurrencies. Facebook in particular is used as a medium for spreading widespread malware, because of its market reach as well as its platform integration capacity.

At this point, it should also be noted that in a recent study conducted by a well known newspaper, it was found that a malware called Digimine is currently being circulated all across the internet. It makes use of a mining bot that latches onto the FB messenger service of its victims, and then uses their CPU power to mine a currency called Monero.

How Is Digimine Being Circulated?

According to experts over at Trend Micro, the malware is being disguised as a video that is named “video_xxxx.zip”. It is circulated via FB messages from infected accounts to friends and other acquaintances. Also, it is important to mention that Digimine only affects desktop computers, and smartphones remain unaffected by this malware.

Worrying Aspects

• Once Digimine has infected a machine, it gets access to our Facebook account. It is then able to spread the bot to pretty much everyone else on our friend list.
• If a person's account is set to an auto-login mode, this bot is able to hijack our contact list and thus gradually affect everyone we know with the malware.

How Does Digimine Work?

For starters, Digimine makes use of a mining bot called “miner.exe” which it installs onto our computers. This bot is basically a “modified version” of an open source Monero miner called ‘XMRig’. In terms of its operations, Digimine runs silently in the background, and keeps sending back small profits to hackers and other people who make use of this malware. In addition to this, it also automatically adds an extension onto our Chrome browser, and then silently attacks all of our Facebook contacts with this bot.

While we may think that Chrome extensions can only be applied via the official webstore, but hackers have devised an ingenious bypass mechanism, that allows for this malicious extension to be incorporated into our machines.

How Do I Stay Clear Of This Malware?

AntiVirus experts from Trend Micro have identified this problem, and have released a statement online that addresses this issue. The statement is available on the official company website, and reads “The extension will read its own configuration from the C&C [command and control] server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video. The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware’s components.”

Thus, for people who are heavy social media users, it is of significant importance to keep these details in mind.