The mining bot is disguised as a viral video.
Tokyo-based cybersecurity firm Trend Micro discovered a cryptocurrency mining bot in Facebook Messenger. Dubbed “Digmine,” the malware was first found in South Korea and has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. It is expected to rapidly make its way to other countries.
If a Facebook Messenger user has their account set to automatically log in, Digmine will immediately send a disguised video link, typically titled “video_xxxx.zip,” to all of their friends via direct message. If that file is opened, it will execute the malware. Once the bot is planted, an auto-start mechanism will launch Chrome and run a malicious browser extension. Typically, browser extensions can only be downloaded from the Chrome store, but Digmine gives hackers the ability to bypass this step using the command line.
Once everything is in place, a mining module is downloaded onto the victim’s web browser. Known as XMRig, it uses the victim’s computer resources to mine Monero, a type of cryptocurrency similar to Bitcoin. The Chrome extension then completes the cycle, sending fake video links to more Facebook users.
The mining bot’s goal is to stay unnoticed for as long as possible, eating up valuable computer CPU resources. Even more concerning is the potential for hackers to take over Facebook accounts.
“The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line,” Trend Micro wrote.
Fortunately, the cryptocurrency mining bot is limited to the desktop (Chrome) version of Messenger. If the video file is opened on other platforms, like the mobile webpage or app, it will not work as intended.
Facebook also reportedly took down many Digmine-related links after Trend Micro disclosed its findings.
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger,” Facebook said in a statement. “If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners … on facebook.com/help.”
That doesn’t mean you’re in the clear just yet. It’s likely there are still links floating around, and the hackers could choose to tweak the links and start all over again. To protect yourself from Digmine, avoid opening suspicious links, enable your account’s privacy settings, and monitor your computer’s CPU usage.
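For administrators who collect process-creation logs, the two behaviors described above (a program started from a “video_xxxx.zip” archive, and Chrome started from the command line with an extension loaded from disk) can be checked for directly. The following is an added example, not code from the article or from Trend Micro; it assumes the command-line step uses Chrome's `--load-extension` switch, and the record fields, directory list, and sample paths are constructed for illustration.

```python
import re

# Chrome switch that loads an unpacked extension from disk instead of the Web Store.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# Lure naming described in the article ("video_xxxx.zip").
LURE = re.compile(r"video_\w+\.zip", re.IGNORECASE)
# Assumption: user-writable directories where a side-loaded extension is suspect.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")


def check_event(event):
    """Return findings for one process-creation record (keys: image, command_line)."""
    findings = []
    image = event["image"].lower()
    if image.endswith("\\chrome.exe"):
        match = LOAD_EXT.search(event["command_line"])
        if match:
            ext_path = (match.group(1) or match.group(2)).lower()
            if any(d in ext_path + "\\" for d in USER_WRITABLE):
                findings.append("extension side-loaded from user-writable path")
            else:
                findings.append("extension side-loaded from disk")
    if LURE.search(image):
        findings.append("program started from inside a video_*.zip archive")
    return findings


def scan(events):
    """Return (image, finding) pairs for every record that raised a finding."""
    return [(e["image"], f) for e in events for f in check_event(e)]


# Constructed sample records, not taken from a real incident.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"image": CHROME, "command_line": f'"{CHROME}" --profile-directory=Default'},
    {"image": CHROME,
     "command_line": f'"{CHROME}" ' + r'--load-extension="C:\Users\kim\AppData\Roaming\kim\ext"'},
    {"image": r"C:\Users\kim\AppData\Local\Temp\Temp1_video_4821.zip\video_4821.mp4.exe",
     "command_line": "video_4821.mp4.exe"},
    {"image": CHROME, "command_line": f'"{CHROME}" ' + r"--load-extension=D:\src\myext"},
]

if __name__ == "__main__":
    for image, finding in scan(SAMPLE_EVENTS):
        print(f"{finding}: {image}")
```

The last sample record shows why the path matters: extension developers also load unpacked extensions from disk, so that finding is kept separate from the higher-confidence one.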
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.