Beware of Cryptocurrency Mining Virus Spreading Through Facebook Messenger


If you receive a video file (packed in a zip archive) sent by someone (or your friends) on Facebook Messenger — just don’t click on it.

Researchers from security firm Trend Micro are warning users of a new cryptocurrency mining bot which is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices.

Dubbed Digmine, the Monero-cryptocurrency mining bot disguises itself as a non-embedded video file, under the name video_xxxx.zip (as shown in the screenshot), but actually contains an AutoIt executable script.
Once clicked, the malware infects the victim’s computer and downloads its components and related configuration files from a remote command-and-control (C&C) server.

Digmine primarily installs a cryptocurrency miner, miner.exe, a modified version of an open-source Monero miner known as XMRig, which silently mines the Monero cryptocurrency in the background for the attackers using the CPU power of the infected computers.


Besides the cryptocurrency miner, the Digmine bot also installs an autostart mechanism and launches Chrome with a malicious extension that allows attackers to access the victim’s Facebook profile and spread the same malware file to their friends list via Messenger.

Since Chrome extensions can only be installed via the official Chrome Web Store, “the attackers bypassed this by launching Chrome (loaded with the malicious extension) via command line.”

“The extension will read its own configuration from the C&C server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video,” Trend Micro researchers say.
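One way to hunt for the Chrome launch described above, as an added example that is not from Trend Micro or the original article. It assumes process-creation events are available as dictionaries and that the side-loading uses Chrome's `--load-extension` switch, which the article does not name; the event fields, the `EXPECTED_PARENTS` allowlist and the sample events are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# Matches --load-extension=<value>; the value may be double-quoted.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)
# Assumption: parents from which a manual, developer-style launch is plausible.
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}

def sideloaded_extensions(command_line):
    """Return the unpacked-extension directories passed to Chrome, if any."""
    paths = []
    for quoted, bare in LOAD_EXT.findall(command_line):
        # Chrome accepts a comma-separated list of directories.
        paths.extend(p for p in (quoted or bare).split(",") if p)
    return paths

def triage(events):
    """Return (severity, pid, paths) for Chrome launches that side-load an extension."""
    findings = []
    for ev in events:
        if basename(ev["image"]).lower() != "chrome.exe":
            continue
        paths = sideloaded_extensions(ev["command_line"])
        if not paths:
            continue
        parent = basename(ev["parent_image"]).lower()
        # A side-load started by some other program is the stronger signal.
        severity = "medium" if parent in EXPECTED_PARENTS else "high"
        findings.append((severity, ev["pid"], paths))
    return findings

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed sample events (not taken from the Trend Micro report).
SAMPLE_EVENTS = [
    {"pid": 4100, "image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": '"' + CHROME + '"'},
    {"pid": 5220, "image": CHROME,
     "parent_image": r"C:\Users\alice\AppData\Roaming\example\launcher.exe",
     "command_line": r'chrome.exe --load-extension="C:\Users\alice\AppData\Roaming\example\ext" https://www.facebook.com'},
    {"pid": 6001, "image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"chrome.exe --load-extension=C:\dev\ext1,C:\dev\ext2"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
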

To read the original article: https://thehackernews.com/2017/12/cryptocurrency-hack-facebook.html?utm_source=dlvr.it&utm_medium=twitter

 
