A new cryptocurrency-mining bot called Digmine is spreading through Facebook Messenger, according to cybersecurity and defense expert, Trend Micro.
Digmine, coded in Autolt, is sent in the form of a video file, and manipulates the Messenger if the automatic log in is enabled. The attackers then have access to your account and friends’ list, which means they share the video file further to your friends and hack their account as well, and the chain goes on. The more systems they attack, the more cryptocurrency they earn.
First surfaced in South Korea, the Digmine rapidly spread and attacked users in other countries including Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela, and will reach other countries as well.
But the cryptocurrency miner can spread only through the desktop version of Messenger used in Google Chrome. The so-called video file won’t affect the Messenger’s mobile app users.
These cryptocurrency-mining bots are pushed from the C&C (command-and-control) server, which reads its configuration and download several components. The Digmine intends to stay in the system of victims for long to infect the other machines as well.
Last year, at the time of a similar attack, a spokesperson from Facebook had said, “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners.”
To protect its users from Digmine, Facebook has shared some tips and links, which can be found at facebook.com/help. Facebook has advised users not to click on the random links they don’t recognize.