How Is Cryptocurrency Mining Malware Spreading Through Facebook Messenger?
If you receive a video file (packed in a zip archive) from someone, even a friend, on Facebook Messenger, do not open it. A cryptocurrency mining bot named "Digmine" is spreading quickly through Facebook Messenger. It was first seen in South Korea and has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela, and it will most likely reach other countries soon. Digmine affects the desktop and web-browser (Chrome) versions of Messenger. If the victim's Facebook account is set to log in automatically, Digmine manipulates Facebook Messenger to send a link to the same file to all of the account's friends.
A Facebook user who knows nothing about Digmine clicks the link, gets infected, and their account is in turn used to push the file to their own friends. The abuse of Facebook is limited to propagation for now, but it would not be implausible for the attackers to hijack the Facebook account itself later on. The code for this functionality is pushed from the command-and-control (C&C) server, which means it can be updated, as described below.
Besides the cryptocurrency miner, the Digmine bot also installs an autostart mechanism and launches Chrome with a malicious extension that gives the attackers access to the victim's Facebook profile and spreads the same malware file to the victim's friends list via Messenger.
Since Chrome extensions can normally only be installed from the official Chrome Web Store, "the attackers bypassed this by launching Chrome (loaded with the malicious extension) via command line."
“The extension will read its own configuration from the C&C server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video,” Trend Micro researchers said.
“The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware’s components.”
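The one concrete, host-observable step in the mechanism above is Chrome being started from the command line with an extension that never came from the Web Store. The following is an added detection example written for this article, not code from the original page or from Trend Micro. It assumes the extension is side-loaded with Chrome's `--load-extension` switch (a real Chrome flag, but the page does not name the exact switch Digmine uses), and it runs over constructed Sysmon-style process-creation records; the parent process names, user names and extension paths in the sample are made up. The autostart mechanism is not detailed on the page, so the example covers only the browser launch.

```python
"""Flag Chrome launches that side-load an extension from the command line.

Added detection example, not from the article or Trend Micro. Assumption
(not stated on the page): the extension is loaded with Chrome's real
--load-extension switch. Sample events below are constructed.
"""
import ntpath
import re

# --load-extension=<path>, quoted or unquoted.
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)
# Directories an unprivileged dropper can write to; a legitimate unpacked
# extension is rarely loaded from here.
USER_WRITABLE_RE = re.compile(r'\\(AppData|Temp|Users\\Public|ProgramData)\\', re.IGNORECASE)
# Parents that normally start chrome.exe on a workstation (assumption).
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}

# Constructed sample records: (parent image, image, command line).
SAMPLE_EVENTS = [
    # Ordinary user launch of Chrome from Explorer: benign.
    ("C:\\Windows\\explorer.exe",
     "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"'),
    # Chrome spawning its own renderer child: noisy but benign.
    ("C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=renderer'),
    # Developer loading an unpacked extension by hand: worth a look only.
    ("C:\\Windows\\explorer.exe",
     "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --load-extension=C:\\Users\\bob\\dev\\myext'),
    # Unknown parent dropped under the profile, extension in %TEMP%, and a
    # Facebook URL so the browser lands on the site at startup: suspicious.
    ("C:\\Users\\alice\\AppData\\Roaming\\video_1234.exe",
     "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
     '--load-extension="C:\\Users\\alice\\AppData\\Local\\Temp\\ext" https://www.facebook.com/'),
]


def analyze(parent_image, image, command_line):
    """Return a finding dict for a side-loaded Chrome launch, else None."""
    if ntpath.basename(image).lower() != "chrome.exe":
        return None
    match = LOAD_EXT_RE.search(command_line)
    if not match:
        return None  # ordinary Chrome launch: nothing to flag
    ext_path = match.group(1) or match.group(2)
    reasons = ["extension side-loaded via --load-extension"]
    if USER_WRITABLE_RE.search(ext_path):
        reasons.append("extension directory is user-writable: " + ext_path)
    parent = ntpath.basename(parent_image).lower()
    if parent not in EXPECTED_PARENTS:
        reasons.append("unexpected parent process: " + parent_image)
    # Side-loading alone is what developers do; side-loading from a scratch
    # directory or from an odd parent is what a dropper does.
    verdict = "suspicious" if len(reasons) > 1 else "review"
    return {"verdict": verdict, "extension": ext_path, "reasons": reasons}


def scan(events):
    """Run analyze() over (parent, image, cmdline) records, keep findings."""
    return [f for f in (analyze(*event) for event in events) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["verdict"], finding["extension"], "; ".join(finding["reasons"]))
```

On a real fleet the same rule is easy to express against Sysmon Event ID 4688/Event ID 1 data; the extension directory the rule extracts is also the artifact to collect, since the page says the extension's behaviour is steered by configuration fetched from the C&C server rather than baked into the file.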
It is noteworthy that users who open the malicious video file through the Messenger app on their mobile devices are not affected.
Since the miner is controlled from a C&C server, the authors behind Digmine can upgrade their malware to add different functionality overnight. Although Digmine was first spotted infecting users in South Korea, Facebook Messenger is used worldwide, so the bot has every chance of spreading globally.
When notified by the researchers, Facebook said it had taken down most of the malware files from the social network.
Spam campaigns on Facebook are quite common, so users are advised to be careful when clicking links and files shared through the platform, and to think twice about leaving their Facebook account set to log in automatically in the browser, since that is what Digmine relies on to send the file to their friends.