Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger
Be Aware!!!
If you receive a video file (packed in zip archive) sent by someone (or your friends ) on your Facebook messenger — just don’t click on it.
Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot which is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices.
Dubbed Digmine, the Monero-cryptocurrency mining bot disguises as a non-embedded video file, under the name video_xxxx.zip (as shown in the screenshot), but is actually contains an AutoIt executable script.
Once clicked, the malware infects victim’s computer and downloads its components and related configuration files from a remote command-and-control (C&C) server
Once clicked, the malware infects victim’s computer and downloads its components and related configuration files from a remote command-and-control (C&C) server.
Digimine primarily installs a cryptocurrency miner, i.e. miner.exe—a modified version of an open-source Monero miner known as XMRig —which silently mines the Monero cryptocurrency in the background for hackers using the CPU power of the infected computers.
Besides the cryptocurrency miner, Digimine bot also installs an autostart mechanism and launch Chrome with a malicious extension that allows attackers to access the victims’ Facebook profile and spread the same malware file to their friends' list via Messenger.
Since Chrome extensions can only be installed via official Chrome Web
Store, "the attackers bypassed this by launching Chrome (loaded with the
malicious extension) via command line."
"The extension will read its own configuration from the C&C
server. It can instruct the extension to either proceed with logging in
to Facebook or open a fake page that will play a video" Trend Micro
researchers say.
"The decoy website that plays the video also serves as part of their
C&C structure. This site pretends to be a video streaming site but
also holds a lot of the configurations for the malware’s components."
It's noteworthy that users opening the malicious video file through the Messenger app on their mobile devices are not affected.
Since the miner is controlled from a C&C server, the authors behind
Digiminer can upgrade their malware to add different functionalities
overnight.
Digmine was first spotted infecting users in South Korea and has since
spread its activities to Vietnam, Azerbaijan, Ukraine, Philippines,
Thailand, and Venezuela. But since Facebook Messenger is used worldwide,
there are more chances of the bot being spread globally.
When notified by Researchers, Facebook told it had taken down most of the malware files from the social networking site.
Do you need to increase your credit score?
ReplyDeleteDo you intend to upgrade your school grade?
Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
Do you need any information concerning any database.
Do you need to retrieve deleted files?
Do you need to clear your criminal records or DMV?
Do you want to remove any site or link from any blog?
you should contact this hacker, he is reliable and good at the hack jobs..
contact : cybergoldenhacker at gmail dot com
Special thanks to (hackingsetting50@gmail.com) for exposing my cheating husband. Right with me i got a lot of evidences and proofs that shows that my husband is a fuck boy and as well a cheater ranging from his text messages, call logs, whats-app messages, deleted messages and many more, All thanks to
ReplyDelete(hackingsetting50@gmail.com), if not for him i will never know what has been going on for a long time.
Contact him now and thank me later.