Tokyo-based cybersecurity firm Trend Micro discovered a cryptocurrency mining bot in Facebook Messenger. Dubbed “Digmine,” the malware was first found in South Korea and has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. It is expected to rapidly make its way to other countries.
If a Facebook Messenger user has their account set to automatically log in, Digmine will immediately send a disguised video link, typically titled “video_xxxx.zip,” to all of their friends via direct message. If that file is opened, it will execute the malware. Once the bot is planted, an auto-start mechanism will launch Chrome and run a malicious browser extension. Typically, browser extensions can only be downloaded from the Chrome store, but Digmine bypasses this step by loading the extension through Chrome's command line.
Once everything is in place, a mining module is downloaded onto the victim’s web browser. Known as XMRig, it uses their computer resources to mine Monero, a type of cryptocurrency similar to Bitcoin. The Chrome extension then completes the cycle, sending fake video links to more Facebook users.
The mining bot’s goal is to stay unnoticed for as long as possible, eating up valuable computer CPU resources. Even more concerning is the potential for hackers to take over Facebook accounts.
“The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line,” Trend Micro wrote.
Fortunately, the cryptocurrency mining bot is limited to the desktop (Chrome) version of Messenger. If the video file is opened on other platforms, like the mobile webpage or app, it will not work as intended.
Facebook also reportedly took down many Digmine-related links after Trend Micro disclosed its findings.
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger,” Facebook said in a statement. “If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners … on facebook.com/help.”
That doesn’t mean you’re in the clear just yet. It’s likely there are still links floating around, and the hackers could choose to tweak the links and start all over again. To protect yourself from Digmine, avoid opening suspicious links, enable your account’s privacy settings, and monitor your computer’s CPU usage.
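For defenders who collect process-creation logs, one way to spot the Chrome launch described above is to look for extensions loaded from the command line. This is an added example, not code from Trend Micro or the original article; it assumes the bypass uses Chrome's `--load-extension` switch (the article does not name the switch), and the event fields, hostnames, and allowlist are constructed for illustration.

```python
import re

# Chrome's --load-extension switch loads unpacked extensions from local
# directories instead of the Web Store (assumed to be the bypass described).
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)
CHROME = re.compile(r'(?:^|[\\/"])chrome(?:\.exe)?(?=["\s]|$)', re.IGNORECASE)

# Hypothetical allowlist: directories where developers legitimately sideload.
ALLOWED_PREFIXES = (r"c:\dev\extensions",)

def sideloaded_paths(cmdline):
    """Return extension directories passed to Chrome via --load-extension."""
    if not CHROME.search(cmdline):
        return []
    paths = []
    for quoted, bare in LOAD_EXT.findall(cmdline):
        # The switch accepts a comma-separated list of directories.
        paths += [p.strip() for p in (quoted or bare).split(",") if p.strip()]
    return paths

def suspicious_launches(events):
    """Return (host, parent, path) for sideloads outside the allowlist."""
    hits = []
    for ev in events:
        for path in sideloaded_paths(ev["cmdline"]):
            if not path.lower().startswith(ALLOWED_PREFIXES):
                hits.append((ev["host"], ev["parent"], path))
    return hits

# Constructed process-creation events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": "explorer.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://example.com'},
    {"host": "ws-02", "parent": "unknown_autostart.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r'--load-extension="C:\Users\a\AppData\Roaming\ext dir"'},
    {"host": "ws-03", "parent": "code.exe",
     "cmdline": r'chrome.exe --load-extension=C:\dev\extensions\mytool'},
    {"host": "ws-04", "parent": "notepad.exe",
     "cmdline": r'notepad.exe --load-extension=C:\x'},
]

if __name__ == "__main__":
    for hit in suspicious_launches(SAMPLE_EVENTS):
        print(hit)
```

Only the ws-02 event is reported: it is a Chrome launch that loads an extension from a user-profile directory outside the allowlist.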
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.