Posted on December 27, 2017 at 3:44 PM
Hackers continue to find new ways to profit from the popular new technique of covert cryptocurrency mining and are now using Facebook Messenger to infect devices with a cryptocurrency mining script.
Covert cryptocurrency mining became wildly popular over 2017 as cryptocurrency prices reached new heights. Rising prices soon encouraged the emergence of cryptocurrency mining scripts. In this practice, hackers or website administrators deploy software on a usually unsuspecting user’s device that hijacks the user’s CPU to mine cryptocurrency, usually Monero.
While this practice was generally exclusive to media downloading sites and other sites of questionable nature, hackers have been discovered to use Facebook Messenger to spread cryptocurrency mining software.
The cryptocurrency mining bot, called Digmine, was discovered in South Korea by the cybersecurity company Trend Micro. Since its first discovery, however, the bot appears to have spread to Venezuela, Vietnam, Thailand, Azerbaijan, the Philippines, and Ukraine. Given how rapidly it is spreading, it is likely to reach several more countries before long.
An unsuspecting victim receives a file labeled as a video, “video_xxx.zip”, from a contact on Facebook Messenger. When opened, the supposed video file launches Google Chrome with a new, harmful browser extension. Legitimate Chrome extensions are only available from the Chrome Web Store; the cryptocurrency mining bot, however, has managed to bypass this security measure.
Once a device has been infected, a modified version of the popular Monero mining tool XMRig is executed on the system. This covertly hijacks the device’s CPU to mine Monero for the benefit of the hackers.
The bot has a second function, however. After Digmine has infected a device, it takes over any Facebook account logged into the affected Chrome browser and sends the malicious “video” to the newly infected user’s Facebook Messenger contacts. The malware also appears to have the capacity to completely hijack a Facebook account.
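The infection chain described above leaves two artifacts a defender can look for: a Chrome extension that did not come from the Web Store (sideloaded, for example via Chrome's `--load-extension` switch or developer-mode "Load unpacked"), and a miner process whose command line points at a mining pool. The following script is an added example for this article, not Trend Micro's code or anything from the Digmine analysis. It audits the `extensions.settings` section of a Chrome profile's Preferences JSON and scans process command lines for mining indicators. The sample Preferences excerpt and the process listing are constructed; the numeric install-location codes are my reading of Chrome's `Manifest::Location` enum (4 = unpacked, 8 = command line, 5 = built-in component) and should be treated as an assumption to verify against the Chrome version in use.

```python
import json

# Constructed excerpt of the "extensions" -> "settings" section of a Chrome
# profile's Preferences file (assumption: layout follows Chrome's Preferences
# format; the extension IDs below are made up).
SAMPLE_PREFERENCES = json.loads("""
{
  "extensions": {
    "settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"from_webstore": true,  "location": 1,
                                           "manifest": {"name": "Legit Extension"}},
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"from_webstore": false, "location": 8,
                                           "manifest": {"name": "Updater"}},
      "cccccccccccccccccccccccccccccccc": {"from_webstore": false, "location": 4,
                                           "manifest": {"name": "Dev Tool"}},
      "dddddddddddddddddddddddddddddddd": {"location": 5,
                                           "manifest": {"name": "Built-in Component"}}
    }
  }
}
""")

# Install-location codes (assumption based on Chrome's Manifest::Location enum).
LOCATION_UNPACKED = 4       # developer mode "Load unpacked"
LOCATION_COMPONENT = 5      # shipped with Chrome itself, never user-installed
LOCATION_COMMAND_LINE = 8   # loaded through the --load-extension switch
SIDELOAD_LOCATIONS = {LOCATION_UNPACKED, LOCATION_COMMAND_LINE}


def find_sideloaded_extensions(prefs):
    """Return extensions that were not installed from the Chrome Web Store.

    Each finding is a dict with the extension id, its manifest name and the
    reason it was flagged. Chrome's own component extensions are skipped.
    """
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        location = entry.get("location")
        if location == LOCATION_COMPONENT:
            continue
        reasons = []
        if not entry.get("from_webstore", False):
            reasons.append("not from Web Store")
        if location in SIDELOAD_LOCATIONS:
            reasons.append("sideloaded (location code %s)" % location)
        if reasons:
            findings.append({
                "id": ext_id,
                "name": entry.get("manifest", {}).get("name", "?"),
                "reason": "; ".join(reasons),
            })
    return findings


# Constructed process listing as a process-inventory tool would report it.
SAMPLE_PROCESSES = [
    r"C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default",
    r"C:\Program Files\Google\Chrome\Application\chrome.exe "
    r"--load-extension=C:\Users\u\AppData\Roaming\ext --no-sandbox",
    r"C:\Users\u\AppData\Local\Temp\miner.exe -o stratum+tcp://pool.example.invalid:3333 "
    r"--donate-level=0",
    r"C:\Windows\explorer.exe",
]

# Indicators: Chrome's extension-sideloading switch, the Stratum mining-pool
# URL scheme, XMRig's binary name and its well-known --donate-level option.
SUSPICIOUS_ARGS = ("--load-extension", "stratum+tcp://", "xmrig", "--donate-level")


def flag_suspicious_processes(command_lines):
    """Return (index, matched indicator) pairs for command lines that carry
    an extension-sideloading switch or a mining indicator."""
    hits = []
    for idx, cmd in enumerate(command_lines):
        lowered = cmd.lower()
        for needle in SUSPICIOUS_ARGS:
            if needle in lowered:
                hits.append((idx, needle))
                break
    return hits


if __name__ == "__main__":
    for f in find_sideloaded_extensions(SAMPLE_PREFERENCES):
        print("extension %s (%s): %s" % (f["id"], f["name"], f["reason"]))
    for idx, needle in flag_suspicious_processes(SAMPLE_PROCESSES):
        print("process %d matched %r: %s" % (idx, needle, SAMPLE_PROCESSES[idx]))
```

On a real host you would load the profile's `Preferences` (or `Secure Preferences`) file with `json.load` instead of the embedded sample and feed the command lines from your process inventory; a Chrome extension with `from_webstore` false on a machine where developer mode is not in use deserves a closer look regardless of its name.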
Trend Micro noted that the hackers are currently using Facebook only to spread the botnet, but that they have the capability to hijack the Facebook account itself if they wish.
At present, Digmine only works through Messenger in the desktop version of Chrome. The bot appears to be ineffective when the file is opened from the mobile app or the mobile web page.
Following Trend Micro’s discovery, Facebook confirmed that it had removed any links affiliated with the Digmine bot.
In an official statement, Facebook noted that it has several automated systems in place to help prevent the spread of malicious links on Facebook and Messenger. The company added that if it suspects a specific user has been infected with malicious software, it will provide the affected user with a free anti-virus scan from one of its partners.
Users have been warned to not open any suspicious links, even when they come from close friends or family members.