Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Bitcoin Facebook Communications Privacy Security Technology

Beware: 'Digmine' Cryptocurrency Bot Is Spreading Via Facebook Messenger (techspot.com) 96

Cybersecurity firm Trend Micro has discovered a cryptocurrency bot that is being spread through Facebook Messenger. The bot, dubbed Digmine, was discovered in South Korea and has since been found in Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. TechSpot explains: Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension. Extensions can only be downloaded from the Chrome Web Store, but this is bypassed using the command line. Once the malware infects a system, a modified version of XMRig -- a Monero mining tool -- is installed. This mines the cryptocurrency in the background using a victim's CPU, sending all profits back to the hackers. Additionally, the Chrome extension is also used to spread Digmine. If someone has their Facebook account set to log in automatically, the fake video file link will be sent to all their friends via Messenger. The malware could also be used to take over a Facebook account entirely. The good news is that Digmine only works through the Chrome desktop version of Messenger. Right now, opening the malicious file via the Facebook/Messenger app or mobile webpage won't have the same effect. After Trend Micro revealed its findings, Facebook said it had taken down any links connected to Digmine.
This discussion has been archived. No new comments can be posted.

Beware: 'Digmine' Cryptocurrency Bot Is Spreading Via Facebook Messenger

Comments Filter:
  • by nitehawk214 ( 222219 ) on Tuesday December 26, 2017 @08:49PM (#55812671)

    Mobile means we get to relive all the same attacks we saw decades ago.

  • Make sure you have good quality AV.
    Try and find a better message app.
  • by Anonymous Coward

    Better stick with Edge

  • I can't see this being a problem for the /. crowd.
    Really, who here uses Facebook Messenger, Google Chrome and open ZIP attachments?

    • by jrumney ( 197329 )
      Personally, I think this was an obvious scam. Everyone knows that genuine porn videos only have three 'x's in the filename.
    • by AHuxley ( 892839 )
      Thought experiment :)
      End a file in mp4? html? .zip?
      What draws in very average social media users?
      A boring old html page?
      A mp4 file? Thats a movie and as they know the personality of the sender it will be boring, safe for work.
      .zip, its a mystery and could have compressed fun files. Something found by their boring friend who might just have found something fun?

      Some security researcher, a person in social media middle management must have that stat? The file type link most users actually cl
  • Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension.

    How does opening a .zip run the contents? Does the user also have to run the i-know-you-want-to-double-click-me.exe file?

    • Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension.

      How does opening a .zip run the contents? Does the user also have to run the i-know-you-want-to-double-click-me.exe file?

      That's an easy one, you count on users trusting Windows. Since the start Windows has screwed users with extensions. Either hiding them or only showing the first encountered.

      MyFile.zip.exe was very popular awhile back, it would show as a MyFile or Myfile.zip file, yet run as the hidden .exe file.

      As for asking to run it, many have most likely tired of saying yes to the requester and disabled it.

      • by Bruinwar ( 1034968 ) <bruinwar&hotmail,com> on Wednesday December 27, 2017 @08:57AM (#55814487)

        Victims receive a file named "video_xxxx.zip" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension.

        How does opening a .zip run the contents? Does the user also have to run the i-know-you-want-to-double-click-me.exe file?

        That's an easy one, you count on users trusting Windows. Since the start Windows has screwed users with extensions. Either hiding them or only showing the first encountered.

        MyFile.zip.exe was very popular awhile back, it would show as a MyFile or Myfile.zip file, yet run as the hidden .exe file.

        As for asking to run it, many have most likely tired of saying yes to the requester and disabled it.

        The first thing I do when working on someone's computer is uncheck the box "Hide extensions of known file types".

  • by CustomSolvers2 ( 4118921 ) on Wednesday December 27, 2017 @07:30AM (#55814301) Homepage
    The true intention was well disguised! Who wouldn't have opened a file called "video_xxx" sent by a random person? A different story would have been a name like "warning_this_is_a_virus_never_ever_click_here"; even in that case, around 25% of people might click on it anyway. There are lots of unlucky individuals out there who cannot do anything to avoid this almost-perfect technique to succeed. LOL.
    • +1 Insightful?! I guess that the whole extremely evident text which even a really dumb kid should be able to immediately understand as a joke + "LOL" (I do expressly tag all my jokes here since some months ago as a public service to those with limited understanding skills) wasn't clear enough regarding my intention. LOL (-> this means that I am being sarcastic and that that previous post was evidently a joke and that the moderator +1ing it as insightful has some serious understanding problems).
  • How about a hacked version of the malware that returns incorrect results to the C&C? It doesn't even have to use a lot of CPU cycles ... just get the command to start, delay as long as possible and return a response with "Found the answer!" with some random pile of fluff. The idea is to get the C&C to trust the bogus results while making it wait as long as possible so that it essentially submits the wrong answer to the blockchain or at least loses the race to some other miner.

Basic is a high level languish. APL is a high level anguish.

Working...