A new malware that mines cryptocurrency, first observed in South Korea, is spreading across the globe through Facebook Messenger, cybersecurity experts warned.
In a report published on December 21, researchers at Trend Micro, a cybersecurity firm headquartered in Tokyo, called the malware “Digmine” and announced that it has already spread to Azerbaijan, the Philippines, Thailand, Ukraine, Venezuela, and Vietnam. Considering where it was first found, North Korea could be its most likely origin, Bitcoin said. Digmine mines Monero, a decentralized cryptocurrency that is reportedly the favorite among hackers. The malware affects only the desktop/web browser (Chrome) version of Facebook Messenger.
The infection chain is pretty straightforward.
Digmine, coded in AutoIt, is sent to potential victims as a video file. It then downloads components through Chrome to execute mining operations.
If the user’s Facebook is set to log in automatically, Digmine will manipulate Messenger to spread the file to the account’s friends.
Researchers are convinced that Digmine, which is built to stay on a system for as long as possible and to infect as many computers as possible, could soon spread to other countries.
While it only propagates at the moment, they believe “it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line.”
For now, they are urging social media users to secure their accounts:
“The increasing popularity of cryptocurrency mining is drawing attackers back to the mining botnet business. And like many cybercriminal schemes, numbers are crucial — bigger victim pools equate to potentially bigger profits. The fact that they’re piggybacking on popular platforms such as social media to spread their malware is unsurprising.”
“Think before you share, be aware of suspicious and unsolicited messages and enable your account’s privacy settings.”
Facebook, which has since received the report, removed many Digmine-related links immediately.
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger,” the platform said in a statement. “If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”