Sunday 14 January 2018, Security guide

Digmine – A very dangerous malware is spreading via Facebook Messenger

Lost24

Security researchers at Trend Micro have found a new type of malware, known as Digmine. This malicious bot is spreading across the world via the Facebook Messenger app, and was designed to infect as many private computers as possible in order to mine cryptocurrency for its developers at the users' expense.

Victims usually receive a zip file named “video_xxxx.zip” (where xxxx is a four-digit number) that tries to pass as a video file. In reality it is an executable script which, if activated, can affect Facebook Messenger (both the desktop and web versions) when used with the Google Chrome browser.

Once in control of Chrome, the Digmine bot uses the browser to download and install an additional extension for its clandestine mining operation. Normally, Chrome extensions can only be loaded from the official Chrome Web Store, but in this case the malware's author bypasses that restriction by loading the extension via the command line.

The browser extension is what helps the Digmine miner propagate to the victim’s Facebook friends. If the user has set his or her Facebook account to log in automatically, then the extension can interact with the user’s Facebook data, such as the list of contacts.
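The two traits described above, the “video_xxxx.zip” lure and the extension loaded from Chrome's command line, can be turned into simple triage checks. This is an added example, not code from Trend Micro or from the original article; the executable-suffix list, the use of Chrome's `--load-extension` switch as the command-line route, and all function names are assumptions.

```python
import io
import re
import zipfile

# Filename pattern from the article: video_xxxx.zip, where xxxx is four digits.
LURE_NAME = re.compile(r"^video_\d{4}\.zip$", re.IGNORECASE)
# Assumption: suffixes treated as executable content (list is not from the article).
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1")
# Assumption: the command-line route is Chrome's --load-extension switch.
LOAD_EXT = re.compile(r'--load-extension=("[^"]*"|\S+)', re.IGNORECASE)


def check_attachment(filename, data):
    """Return the reasons a received archive resembles the lure described above."""
    reasons = []
    if LURE_NAME.match(filename):
        reasons.append("name matches video_NNNN.zip")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(EXEC_EXT):
                    reasons.append("executable member: " + member)
    except zipfile.BadZipFile:
        reasons.append("not a valid zip archive")
    return reasons


def sideloaded_extensions(cmdline):
    """Return extension paths a Chrome command line loads outside the Web Store."""
    if "chrome" not in cmdline.lower():  # coarse filter, good enough for triage
        return []
    return [m.strip('"') for m in LOAD_EXT.findall(cmdline)]


def make_zip(member_names):
    """Build a constructed in-memory archive with harmless placeholder members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in member_names:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples, not taken from the article or from a real infection.
    print(check_attachment("video_4521.zip", make_zip(["video_4521.mp4.exe"])))
    print(check_attachment("holiday.zip", make_zip(["clip.mp4"])))
    print(sideloaded_extensions(
        r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
        r'--load-extension="C:\Users\demo\AppData\Roaming\demo_ext"'))
```

Developers legitimately side-load unpacked extensions this way, so a hit on the command-line check is a lead to review rather than a verdict.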

To reduce the chance of infection by Digmine, the Trend Micro researchers recommend that Facebook users follow social media best practices such as logging out of their accounts, removing apps that are connected to their social media account, using a strong password coupled with two-factor authentication, and being aware that some of the links shared with them may contain malware.

The Trend Micro experts have sent their research data to Facebook, which has promptly removed many of Digmine’s links from its platform. The social network company has also stated: “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners.”