North Korean Hackers Are Now Using Facebook Messenger to Mine Cryptocurrencies

A new malware that mines cryptocurrency, first observed in South Korea, is spreading across the globe through Facebook Messenger, cybersecurity experts warned.

In a report published on December 21, researchers at Trend Micro, a cybersecurity firm headquartered in Tokyo, called the malware “Digmine” and announced that it has already spread to Azerbaijan, the Philippines, Thailand, Ukraine, Venezuela, and Vietnam.

Considering where it was first found, North Korea could be its most likely origin, Bitcoin said.

Digmine mines Monero, a decentralized cryptocurrency that’s reportedly the most favorite among hackers. The malware affects Facebook Messenger’s desktop/web browser (Chrome) version only.

The infection chain is pretty straightforward.

Digmine, coded in AutoIt, is sent to potential victims as a video file. It then downloads components through Chrome to execute mining operations.

If the user’s Facebook is set to log in automatically, Digmine will manipulate Messenger to spread the file to the account’s friends.

Researchers are convinced that Digmine, wired to dwell for as long and infect as many computers as possible, can spread to other countries soon.

While it only propagates at the moment, they believe “it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line.”

For now, they are urging social media users to secure their accounts:

“The increasing popularity of cryptocurrency mining is drawing attackers back to the mining botnet business. And like many cybercriminal schemes, numbers are crucial — bigger victim pools equate to potentially bigger profits. The fact that they’re piggybacking on popular platforms such as social media to spread their malware is unsurprising.”

“Think before you share, be aware of suspicious and unsolicited messages and enable your account’s privacy settings.”

Facebook, which has since received the report, removed many Digmine-related links immediately.

We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger,” the platform said in a statement. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”

Support our Journalism with a Contribution

Many people might not know this, but despite our large and loyal following which we are immensely grateful for, NextShark is still a small bootstrapped startup that runs on no outside funding or loans.

Everything you see today is built on the backs of warriors who have sacrificed opportunities to help give Asians all over the world a bigger voice.

However, we still face many trials and tribulations in our industry, from figuring out the most sustainable business model for independent media companies to facing the current COVID-19 pandemic decimating advertising revenues across the board.

We hope you consider making a contribution so we can continue to provide you with quality content that informs, educates and inspires the Asian community. Even a $1 contribution goes a long way. Thank you for everyone’s support. We love you all and can’t appreciate you guys enough.

NextShark is a leading source covering Asian American News and Asian News including business, culture, entertainment, politics, tech and lifestyle.

For advertising and inquiries: info@nextshark.com