Many types of malware can be spread through social networking sites. Researchers from Trend Micro have identified a new one: Digmine, a cryptocurrency miner that targets users of the Google Chrome browser. First detected in South Korea, Digmine has since been hitting users in Vietnam, Ukraine, Azerbaijan, the Philippines and many other countries. All of these regions are reached through a single platform: Facebook Messenger.
Do not download the video_xxxx.zip file sent through Messenger
Digmine is written in AutoIt but is delivered to Messenger users as what appears to be a video file. The attackers abuse Facebook accounts that are configured to log in automatically: from a hijacked account they send malicious messages to all of its friends, so the recipients believe one of their friends is sharing a video with them. Anyone who downloads video_xxxx.zip actually receives a compiled AutoIt script, that is, a Windows executable, not a video.
Once the malicious .zip file is opened, it drops miner.exe and the other components it needs. The miner itself is based on XMRig, a legitimate open-source Monero mining program. From the moment a computer is infected, the attackers' aim is to keep the miner running unnoticed for as long as possible. The infection is also self-propagating: the compromised Facebook account sends the same video_xxxx.zip file to all of the victim's Facebook friends, so each new victim becomes the next sender.
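The whole chain turns on one weak point: a file named like a video that is really a Windows executable. The script below is an added example, not code from the Trend Micro report or from Digmine itself, of the check a chat or mail gateway, or a careful user, can run on a received .zip before opening anything inside it. It flags members whose last extension is executable, members that hide a video extension in front of a non-video one (video.mp4.scr), and members whose first bytes are the "MZ" DOS header that every Windows PE file begins with, whatever the name claims. The archive contents and names (video_1234.exe and so on) are constructed samples; the extension lists, the size limit and the MP4 "ftyp" heuristic are my own choices.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Every Windows PE executable starts with the two-byte DOS header "MZ".
PE_MAGIC = b"MZ"
VIDEO_EXTENSIONS = {".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".vbs", ".jse", ".hta"}
MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed limit; guards against zip bombs


def inspect_zip(data: bytes) -> dict:
    """Inspect an in-memory zip and return a report:
    {"members": [names], "findings": [reasons], "block": bool}."""
    report = {"members": [], "findings": [], "block": False}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["findings"].append("archive: not a valid zip file")
        report["block"] = True
        return report
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            report["members"].append(name)
            if info.file_size > MAX_MEMBER_BYTES:
                report["findings"].append(f"{name}: member too large to scan")
                continue
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            last = suffixes[-1] if suffixes else ""
            with archive.open(info) as member:
                head = member.read(8)  # enough for MZ and the MP4 ftyp box
            if last in EXECUTABLE_EXTENSIONS:
                report["findings"].append(f"{name}: executable extension {last}")
            if (len(suffixes) >= 2 and suffixes[-2] in VIDEO_EXTENSIONS
                    and last not in VIDEO_EXTENSIONS):
                report["findings"].append(
                    f"{name}: video extension hidden before {last}")
            if head.startswith(PE_MAGIC):
                report["findings"].append(
                    f"{name}: MZ header, a Windows executable regardless of name")
            elif last == ".mp4" and head[4:8] != b"ftyp":
                # Heuristic: a real MP4 normally opens with an ftyp box.
                report["findings"].append(f"{name}: claims .mp4 but lacks ftyp box")
    report["block"] = bool(report["findings"])
    return report


def build_zip(members: dict) -> bytes:
    """Build a zip in memory from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples; the payload bytes are placeholders, not Digmine code.
DISGUISED_EXE = build_zip({"video_1234.exe": b"MZ\x90\x00" + b"\x00" * 60})
DOUBLE_EXT = build_zip({"video_1234.mp4.scr": b"MZ\x90\x00" + b"\x00" * 60})
REAL_VIDEO = build_zip({"video_1234.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 16})

if __name__ == "__main__":
    samples = [("disguised exe", DISGUISED_EXE), ("double extension", DOUBLE_EXT),
               ("real video", REAL_VIDEO)]
    for label, blob in samples:
        r = inspect_zip(blob)
        print(f"{label}: {'BLOCK' if r['block'] else 'allow'} {r['findings']}")
```

The MZ check is the one that matters: renaming the file, or adding a fake .mp4 in the middle of the name, does not change the first two bytes of a PE executable. The extension checks are cheap extras for naming tricks, and the ftyp heuristic catches a bare .mp4 that is not actually an MP4 container.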
Take this warning seriously and do not download such files via Messenger. Your friends' accounts may already be compromised, which puts you next on the target list. Digmine is also a fairly sophisticated piece of malware: the attackers control the miner from a command-and-control (C&C) server and can update it or change its functions at any time.
Crypto-mining is thriving
There are many legitimate crypto-mining tools available, and hackers frequently abuse them to build and distribute Trojanised miners. You can pick up one of these stealthy miners simply by visiting certain websites or by installing various programs or browser extensions.
Do not let your CPU be put to work making hackers richer. Follow our recommendations and stay away from suspicious messages on Messenger. The technique itself is old, and the majority of Facebook users should disregard such messages as a matter of course.
Source: Blog.trendmicro.com.