The mining bot is disguised as a viral video.
Tokyo-based cybersecurity firm Trend Micro discovered a cryptocurrency mining bot in Facebook Messenger. Dubbed “Digmine,” the malware was first found in South Korea and has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. It is expected to rapidly make its way to other countries.
If a Facebook Messenger user has their account set to automatically log in, Digmine will immediately send a disguised video link, typically titled “video_xxxx.zip,” to all of their friends via direct message. If that file is opened, it will execute the malware. Once the bot is planted, an auto-start mechanism will launch Chrome and run a malicious browser extension. Chrome extensions can normally be installed only from the Chrome store, but Digmine gives hackers the ability to bypass this step by using the command line.
Once everything is in place, a mining module is downloaded onto the victim’s web browser. Known as XMRig, it uses their computer resources to mine Monero, a type of cryptocurrency similar to Bitcoin. The Chrome extension then completes the cycle, sending fake video links to more Facebook users.
The mining bot’s goal is to stay unnoticed for as long as possible, eating up valuable computer CPU resources. Even more concerning is the potential for hackers to take over Facebook accounts.
“The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line,” Trend Micro wrote.
Fortunately, the cryptocurrency mining bot is limited to the desktop (Chrome) version of Messenger. If the video file is opened on other platforms, like the mobile webpage or app, it will not work as intended.
Facebook also reportedly took down many Digmine-related links after Trend Micro disclosed its findings.
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger,” Facebook said in a statement. “If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners … on facebook.com/help.”
That doesn’t mean you’re in the clear just yet. It’s likely there are still links floating around, and the hackers could choose to tweak the links and start all over again. To protect yourself from Digmine, avoid opening suspicious links, enable your account’s privacy settings, and monitor your computer’s CPU usage.
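A defender-side check for the command-line Chrome launch described above, as an added example that is not from Trend Micro or the original article. It assumes the extension is loaded with Chrome's `--load-extension` switch (the article says only "the command line"); the event records, host names, paths, and `codec.exe` are constructed for illustration.

```python
import ntpath
import re

# Chrome's switch for loading an unpacked extension directory from disk.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# Parents that plausibly start a browser on the user's behalf (assumed allowlist).
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}

# Constructed process-creation records (host, parent image, image, command line).
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
    {"host": "WS-01", "parent": r"C:\Users\kim\AppData\Roaming\codec.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'chrome.exe --load-extension="C:\Users\kim\AppData\Roaming\ext"'},
    {"host": "WS-02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r"chrome.exe --load-extension=C:\dev\myext,C:\dev\other"},
    {"host": "WS-03", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe --load-extension=C:\tmp\x"},
]

def sideloaded_extensions(event):
    """Return extension directories passed to chrome.exe on its command line."""
    if ntpath.basename(event["image"]).lower() != "chrome.exe":
        return []
    dirs = []
    for quoted, bare in LOAD_EXT.findall(event["cmdline"]):
        # The switch accepts a comma-separated list of directories.
        dirs.extend(p for p in (quoted or bare).split(",") if p)
    return dirs

def triage(events):
    findings = []
    for ev in events:
        dirs = sideloaded_extensions(ev)
        if not dirs:
            continue
        parent = ntpath.basename(ev["parent"]).lower()
        findings.append({"host": ev["host"], "parent": parent, "extension_dirs": dirs,
                         "severity": "medium" if parent in EXPECTED_PARENTS else "high"})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Extension developers legitimately use the same switch, so the parent process is what separates a shortcut launch (medium) from a launch by an unexpected executable (high).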
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.