Crypto Mining Bot is Taking over Facebook Messenger
Mining Malware has been spreading across the web like the plague.
From JavaScript mining code to specialised mining malware, hackers have been having a field day mining coins on the machines of some unsuspecting users.
In all of these cases, the cryptocurrency of choice has been Monero. This is because of the nature of the privacy protocols which hide the transactions and addresses.
Now, it has been reported by some cyber security researchers that hackers are using Facebook messenger to spread some more malicious mining applications.
Malware Bot
According to the research by trendlabs, the mining Malware is spread through the popular messaging application on Facebook.
They have named this malware "digimine". This was first picked up by the researchers in South Korea yet has spread to other places such as Ukraine, the Philippines, Thailand and Venezuela.
The Bot is able to spread really quickly due to it using infected systems to pass on the Malware. These are sometimes termed "Botnets" which are commandeered by the hackers.
Although the researchers do not point a finger at anybody, it is more than likely that the Malware is being spread by North Korea. This is because of where it was first picked up.
Digimine's MO
At first, the victim will get a link sent to their Facebook messenger. It will look like a video file that they can download.
However, when they click on the link it actually executes a script that effects the desktop and web versions of messenger.
The malware is able to get control of the Chrome browser upon which it downloads more scripts and plugins. These will then be used for the undercover mining operation by Digimine.
However, that is just the first part of the operation. If the user has set Facebook to automatically login then Digimine can take over their account and use it to send the link to their contacts.
While the account of the user is only used to spread the Malware, the fact that the hackers have control over it means they could use it for other purposes. According to the researchers
it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line
Cyber Security Best Practices
Thankfully the researchers were able to identify this rather early on. They alerted Facebook which then removed many of the links that were already sent out.
Yet, as cryptocurrency prices continue to rally, attacks like these are likely to be much more commonplace. Hence, it is up to the user to make sure that they take appropriate steps.
Clicking on Malware laden links is a sure-fire way to infect your PC with all types of nasty viruses. This includes not just miners but keyloggers and cryptoshufflers.
Hence, if someone including your friend sends you a suspicious link, don’t click on it until you are certain that it was intentional.
Featured Image via Fotolia
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.