North Korean Hackers Are Now Using Facebook Messenger to Mine Cryptocurrencies

December 26, 2017
A new malware that mines cryptocurrency, first observed in South Korea, is spreading across the globe through Facebook Messenger, cybersecurity experts warned.
In a report published on December 21, researchers at Trend Micro, a cybersecurity firm headquartered in Tokyo, called the malware “Digmine” and announced that it has already spread to Azerbaijan, the Philippines, Thailand, Ukraine, Venezuela, and Vietnam.
Considering where it was first found, North Korea could be its most likely origin, Bitcoin said.
Digmine mines Monero, a decentralized cryptocurrency that’s reportedly the favorite among hackers. The malware affects only the desktop/web browser (Chrome) version of Facebook Messenger.

The infection chain is pretty straightforward.
Digmine, coded in AutoIt, is sent to potential victims as a video file. It then downloads components through Chrome to execute mining operations.
If the user’s Facebook is set to log in automatically, Digmine will manipulate Messenger to spread the file to the account’s friends.
Researchers are convinced that Digmine, built to stay on a system for as long as possible and infect as many computers as possible, could soon spread to other countries.
While it only propagates at the moment, they believe “it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line.”
For now, they are urging social media users to secure their accounts:
“The increasing popularity of cryptocurrency mining is drawing attackers back to the mining botnet business. And like many cybercriminal schemes, numbers are crucial — bigger victim pools equate to potentially bigger profits. The fact that they’re piggybacking on popular platforms such as social media to spread their malware is unsurprising.”
“Think before you share, be aware of suspicious and unsolicited messages and enable your account’s privacy settings.”
Facebook, which has since received the report, removed many Digmine-related links immediately.
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger,” the platform said in a statement. “If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on”
Carl Samson

Carl Samson is a Senior Editor for NextShark



