The mining bot is disguised as a viral video.
Tokyo-based cybersecurity firm Trend Micro discovered a cryptocurrency mining bot in Facebook Messenger. Dubbed “Digmine,” the malware was first found in South Korea and has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. It is expected to rapidly make its way to other countries.
If a Facebook Messenger user has their account set to automatically log in, Digmine will immediately send a disguised video link, typically titled “video_xxxx.zip,” to all of their friends via direct message. If that file is opened, it will execute the malware. Once the bot is planted, an auto-start mechanism will launch Chrome and run a malicious browser extension. Typically, browser extensions can only be downloaded from the Chrome store, but Digmine gives hackers the ability to bypass this step using the command line.
Once everything is in place, a mining module is downloaded onto the victim’s web browser. Known as XMRig, it uses their computer resources to mine Monero, a type of cryptocurrency similar to Bitcoin. The Chrome extension then completes the cycle, sending fake video links to more Facebook users.
The mining bot’s goal is to stay unnoticed for as long as possible, eating up valuable computer CPU resources. Even more concerning is the potential for hackers to take over Facebook accounts.
“The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line,” Trend Micro wrote.
Fortunately, the cryptocurrency mining bot is limited to the desktop (Chrome) version of Messenger. If the video file is opened on other platforms, like the mobile webpage or app, it will not work as intended.
Facebook also reportedly took down many Digmine-related links after Trend Micro disclosed its findings.
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger,” Facebook said in a statement. “If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners … on facebook.com/help.”
That doesn’t mean you’re in the clear just yet. It’s likely there are still links floating around, and the hackers could choose to tweak the links and start all over again. To protect yourself from Digmine, avoid opening suspicious links, enable your account’s privacy settings, and monitor your computer’s CPU usage.
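The command-line extension loading described above leaves a trace in process-creation logs. The following added example (not from Trend Micro or the original article) flags Chrome launches that use Chromium's `--load-extension` switch, the standard way to load an unpacked extension from the command line; the event field names, hosts, file names, paths and allowlist are constructed assumptions.

```python
import ntpath
import re

# Chromium switch that loads unpacked extensions from local directories.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)

# Constructed process-creation events (field names are assumptions, not a real log schema).
SAMPLE_EVENTS = [
    {"host": "ws-012", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
    {"host": "ws-017", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Users\kim\AppData\Local\Temp\codec.exe",
     "command_line": r'chrome.exe --load-extension="C:\Users\kim\AppData\Roaming\kim\ext" '
                     r'https://www.facebook.com'},
    {"host": "dev-03", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'chrome.exe --load-extension=C:\dev\my-extension --no-first-run'},
]

def sideloaded_extensions(command_line):
    """Return every directory passed to --load-extension (the value may be comma-separated)."""
    paths = []
    for quoted, bare in LOAD_EXT.findall(command_line):
        paths.extend(p.strip() for p in (quoted or bare).split(",") if p.strip())
    return paths

def flag_events(events, allowed_dirs=()):
    """Report Chrome launches that load an extension from outside the allowlisted directories."""
    allowed = [ntpath.normcase(ntpath.normpath(d)) for d in allowed_dirs]
    findings = []
    for ev in events:
        if ntpath.basename(ev["image"]).lower() != "chrome.exe":
            continue
        for path in sideloaded_extensions(ev["command_line"]):
            norm = ntpath.normcase(ntpath.normpath(path))
            if any(norm == a or norm.startswith(a + "\\") for a in allowed):
                continue  # e.g. a developer's own extension workspace
            findings.append({"host": ev["host"],
                             "parent": ntpath.basename(ev["parent_image"]),
                             "extension_dir": path})
    return findings

if __name__ == "__main__":
    for finding in flag_events(SAMPLE_EVENTS, allowed_dirs=[r"C:\dev"]):
        print(finding)
```
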
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.