A pair of cyber defense researchers have reported tracking down a new mining malware spreading via Facebook Messenger, which they named Digmine. Like many similar threats before it, this bot uses infected systems to mine Monero, one of the cryptocurrencies most favored by hackers.
First observed in South Korea, Digmine has already been found in Azerbaijan, Ukraine, Vietnam, the Philippines, Thailand, and Venezuela. The bot is spreading very fast, using hijacked systems to infect more computers like a virus, and is therefore expected to have reached other countries where it has so far gone unnoticed. While the researchers do not say so, the location of its first sightings suggests North Korea as its most likely origin.
Facebook Messenger to Google Chrome
Digmine is sent to victims as what looks like a link to a video file but is actually an executable script. It affects Facebook Messenger’s desktop and web versions when used with the Google Chrome browser. Once in control of Chrome, it uses the browser to download additional tools for its clandestine mining operation.
In addition, if the user’s Facebook account is set to log in automatically, Digmine will hijack Messenger to spread the file to all of the account holder’s friends. The use of Facebook is currently restricted to spreading the malware, but “it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line,” the researchers explain.
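As an added, defender-side example (not code from the researchers or from Digmine), the check below flags a download whose name promises a video but whose bytes are a Windows executable, a plain-text script, or an archive, the kind of masquerade described above. The file names and samples are constructed; the magic bytes are the published signatures of those formats, not indicators from the report.

```python
"""Defender-side check for the lure described above: a file presented as a
video whose bytes are really an executable, a script, or an archive.
Added example, not code from the Digmine report; the samples are constructed."""
import re

VIDEO_EXTENSIONS = {".mp4", ".avi", ".mkv", ".webm", ".mov", ".wmv"}
# Published container signatures as (kind, offset, magic); AVI is checked at
# offset 8 so other RIFF files (e.g. WAV) are not mistaken for video.
SIGNATURES = [
    ("pe-executable", 0, b"MZ"),
    ("zip-archive", 0, b"PK\x03\x04"),
    ("mp4-video", 4, b"ftyp"),
    ("avi-video", 8, b"AVI "),
    ("matroska-video", 0, b"\x1a\x45\xdf\xa3"),
]
# Heuristic for plain-text scripts (shell, batch, HTML script, AutoIt-style Func).
SCRIPT_MARKERS = re.compile(rb"^(#!|@echo off|<script|Func\s+\w+\s*\()", re.I | re.M)
SUSPICIOUS_KINDS = {"pe-executable", "script", "zip-archive"}

def actual_kind(data: bytes) -> str:
    """Classify content by signature, falling back to the script heuristic."""
    for kind, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return kind
    if SCRIPT_MARKERS.search(data[:4096]):
        return "script"
    return "unknown"

def claims_video(filename: str) -> bool:
    """True if the name promises a video: a video extension anywhere in the
    name (catches double extensions like clip.mp4.exe) or a 'video...' stem."""
    parts = filename.lower().split(".")
    return any("." + p in VIDEO_EXTENSIONS for p in parts[1:]) or parts[0].startswith("video")

def is_masquerade(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (flagged, detected kind); flagged when a claimed video is not one."""
    kind = actual_kind(data)
    return claims_video(filename) and kind in SUSPICIOUS_KINDS, kind

if __name__ == "__main__":
    # Constructed samples: real MP4, PE stub with double extension, batch script
    # named as AVI, and a ZIP with a video-style name.
    samples = {
        "beach_trip.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 32,
        "clip.mp4.exe": b"MZ\x90\x00" + b"\x00" * 60,
        "video_5678.avi": b"@echo off\r\nrem placeholder body\r\n",
        "video_1234.zip": b"PK\x03\x04" + b"\x00" * 26,
    }
    for name, blob in samples.items():
        print(name, is_masquerade(name, blob))
```

A gateway that applies this check to Messenger downloads would let the genuine MP4 through and hold the other three for review.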
The researchers shared their findings with Facebook, which removed many of the links to Digmine from Messenger. The company stated: “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners.”