New malware spreading fast via Facebook Messenger: Report

by admin | May 25, 2021

facebookad

San Francisco : A new cryptocurrency-mining bot, named “Digmine”, that was first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cybersecurity major Trend Micro has warned.

After South Korea, it has since spread in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela. It is likely to reach other countries soon, given the way it propagates.

Facebook Messenger works across different platforms but “Digmine” only affects the Messenger’s desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blogpost.

“Digmine” is coded in AutoIt and sent to would-be victims posing as a video file but is actually an AutoIt executable script.

If the user’s Facebook account is set to log in automatically, “Digmine” will manipulate Facebook Messenger in order to send a link to the file to the account’s friends.

The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.

A known modus operandi of cryptocurrency-mining botnets and particularly for “Digmine” (which mines Monero), is to stay in the victim’s system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income, the blogpost stated.

The malware will also perform other routines such as installing a registry autostart mechanism as well as system infection marker. It will search and launch Chrome then load a malicious browser extension that it retrieves from the C&C server.

If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded. While extensions can only be loaded and hosted from the Chrome Web Store, the attackers bypassed this by launching Chrome via command line.

—IANS

0 Comments

Submit a Comment Cancel reply

← Gorbachev -- the Soviet Union's bane or unsuccessful hope? (Book Review) GST made 2017 most significant year for economy since Independence →

Recent Posts

Tutorix Launches Innovative Online Foundation Classes for Grades 7th to 10th

Tutorix Launches Innovative Online Foundation Classes for Grades 7th to 10th

Hyderabad, May 18, 2025 - Tutorix, backed by TutorialsPoint's 18+ years of teaching excellence, has launched online foundation classes for grades 7th to 10th. The program combines Mathematics and Science with future skills like Generative AI, providing students with a...

Mr Hamid Farooqui: Visionary Indian-American Entrepreneur and Tech Innovator

Mr Hamid Farooqui: Visionary Indian-American Entrepreneur and Tech Innovator

Danish Reyaz | Maeeshat | Mumbai The American Dream has long served as a beacon, drawing people from around the world to the United States. Its allure lies in the boundless opportunities it promises—rewarding hard work, talent, and determination, free from prejudice...

India pips US to become 2nd largest 5G mobile market, Apple leads

India pips US to become 2nd largest 5G mobile market, Apple leads

New Delhi: India has overtaken the US to become the world’s second-biggest 5G handset market for the first time, behind China, a report has mentioned. Global 5G handset shipments grew 20 per cent (year-on-year) in the first half of 2024, according to the Counterpoint...

Sale of smartphones worth Rs 1 lakh and above surge in India

Sale of smartphones worth Rs 1 lakh and above surge in India

New Delhi: With disposable incomes rising amid the premiumisation trend, the sales of luxury smartphones have surged in India in recent quarters, industry experts said on Tuesday. The smartphone shipments of Rs 1 lakh and above increased by 20 per cent (year-on-year)...

0 Comments

Submit a Comment Cancel reply