Cryptojacking Bot “Digimine” Spreading Via FB Messenger in Google Chrome Desktop

Cryptocurrency mining is on the rise and so does the number of instances where wrong ways are used to harvest the digital currency. Just a day before yesterday, we told you about the Loapi Android malware that mines Monero on your device. Even if you’re sitting at a place like Starbucks, mining can happen anytime.

Now, the security firm Trend Micro has reported a cryptocurrency mining bot called “Digimine” that spreads via Facebook Messenger for Google Chrome desktop version. South Korea is the first region where the security firm spotted Digimine, followed by Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela.

The bot presents itself to potential victims as a video file hiding an AutoIt executable script. Trend Micro notes that Digimine doesn’t work when the file is accessed on other platforms where Facebook Messenger is available. And just like Loapi, Digimine is also designed to mine the cryptocurrency Monero from people’s computers.

For the victim’s who have the habit of leaving their Facebook account logged in, the malware can manipulate the Messenger to send messages to the victim’s friends automatically.

The extent to which Messenger is being exploited is currently limited. However, the security firm warns about possibilities of attackers compromising the Facebook accounts in the future as a C&C server pushes the code to Digimine, providing room for easy updates in the future.

Many links related to Digimine have been pulled off after Facebook was informed about the spread of the cryptojacking bot.

What to do?

Probably, you can spot Digimine gaining access to your Chrome browser and the system. In case you clicked an unknown video link, the malware would restart Chrome as it installs a Chrome extension. The extension could display a fake Facebook login page or some web page with a video stream while sucking cryptocoins off your machine.

If you sense that your PC is slowing down and fan speed increased, you should…

Article Source…

Leave a Reply

Your email address will not be published. Required fields are marked *