HackRead

Hackers Spreading Digmine Monero Mining Malware via Facebook

December 22nd, 2017, by Waqas. Categories: Malware, Security

If you frequently use Facebook Messenger, we advise that you open attachments in your messages a bit more carefully than before. Researchers at renowned cyber-security firm Trend Micro have discovered new cryptocurrency mining malware that specifically targets Facebook Messenger users. The malware has been dubbed Digmine. It is hidden in a video file bearing the title video_xxxx.zip, and it is capable of infecting the entire machine if this file is opened and executed by the user.

According to Trend Micro’s blog post, the malware installs a fake Chrome extension, which lets it access the victim’s Facebook profile and send messages containing the malware file to all of the victim’s contacts on the victim’s behalf. This is how the campaign is spreading so rapidly. However, the campaign is mainly effective on the desktop version of Google Chrome; it is not infecting users who access Facebook Messenger on mobile.

Moreover, once Digmine is installed on the machine, it keeps downloading other components, including a cryptocurrency miner that uses the PC to mine Monero, a popular cryptocurrency. Miner.exe is the mining component, which is basically an iteration of XMRig, an open-source Monero miner. This miner has been reconfigured to launch from a config.json file, so it does not need to receive parameters from the command line. The downloader and the mining component use specific HTTP headers to establish communication with the command-and-control server.


Screenshot shows how hackers are spreading the malware (Trend Micro)

It is also capable of performing other routines, including installing a registry autostart mechanism and a system infection marker. It can search for and launch the Chrome browser to load the malicious browser extension retrieved from its command-and-control server. Because the attackers launched the extension through the command line, they were able to bypass Chrome Web Store scanning; the Web Store is normally responsible for loading and hosting all Chrome extensions.
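A defender-side check for the behaviour described above, as an added example that is not from the article or from Trend Micro: it scans process-creation records for Chrome started with an extension loaded from the command line. It assumes Chrome's `--load-extension` switch is the mechanism (the article does not name the flag); the event fields, parent allow-list and sample records are constructed for illustration.

```python
import ntpath
import re

# --load-extension takes one or more comma-separated unpacked-extension directories.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# Directories a standard user can write to: unusual homes for a legitimate extension.
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata|downloads)\\", re.IGNORECASE)
# Assumption: parents that normally start Chrome on an end-user desktop.
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}

def find_sideloaded_extensions(events):
    """Return one finding per Chrome launch that loads an extension via the command line."""
    findings = []
    for ev in events:
        if ntpath.basename(ev["image"]).lower() != "chrome.exe":
            continue
        match = LOAD_EXT.search(ev["cmdline"])
        if not match:
            continue
        paths = (match.group(1) or match.group(2)).split(",")
        parent = ntpath.basename(ev["parent"]).lower()
        reasons = []
        if parent not in EXPECTED_PARENTS:
            reasons.append(f"unusual parent {parent}")
        reasons += [f"extension in user-writable path {p}"
                    for p in paths if USER_WRITABLE.search(p)]
        findings.append({"parent": parent, "paths": paths, "reasons": reasons,
                         "severity": "high" if reasons else "review"})
    return findings

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed process-creation records (e.g. exported from endpoint logging); not real telemetry.
SAMPLE_EVENTS = [
    {"image": CHROME, "parent": r"C:\Windows\explorer.exe",
     "cmdline": f'"{CHROME}" --profile-directory=Default'},
    {"image": CHROME, "parent": r"C:\Users\alice\AppData\Roaming\example\updater.exe",
     "cmdline": f'"{CHROME}" ' + r'--load-extension="C:\Users\alice\AppData\Roaming\example\ext"'},
    {"image": CHROME, "parent": r"C:\Windows\explorer.exe",
     "cmdline": f'"{CHROME}" ' + r"--load-extension=C:\dev\myext"},
]

if __name__ == "__main__":
    for finding in find_sideloaded_extensions(SAMPLE_EVENTS):
        print(finding["severity"], finding["paths"], finding["reasons"])
```

The third record models a developer loading an unpacked extension by hand, which is why it is graded "review" rather than "high".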

The malware is currently active in Thailand, Ukraine, Venezuela, Azerbaijan, Vietnam, South Korea and the Philippines, but Trend Micro researchers noted that the malware would definitely spread elsewhere because of its default propagation function. The malware was first spotted in South Korea.

The malware is coded in AutoIt, and the file that appears to contain a video is actually an AutoIt executable script. This means that if the Facebook account is set to log in automatically, the malware will exploit Facebook Messenger so that the malicious link is sent to the user's other friends.

Facebook has reportedly removed all the links connected to Digmine, but it is suspected that hackers will target users again by modifying the current links or by adding fresh code to hijack the user’s account or at least exploit it in some way. As of now, Digmine’s aim is to stay on the infected system for as long as possible and to infect as many computers as possible to get more money.

Facebook states that the social network maintains a number of automated systems to stop malicious links and files from invading Facebook and its Messenger app, but if a computer still gets infected with malware, the company will compensate by providing a free anti-virus scan conducted by its trusted partners.

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism
HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.