A new cryptocurrency mining virus has emerged; this time it is spreading through Facebook’s Messenger app and targeting Google Chrome desktop users.
The Monero miner has been dubbed “Digmine” and is disguised as a non-embedded video file (video_xxxx.zip); the archive actually contains an AutoIt executable script.
As soon as the victim opens the file, Digmine downloads its components and configuration files from a remote C&C server. Chief among them is a cryptocurrency miner that mines Monero in the background, using the victim’s CPU to power the mining. Digmine does not stop there, however.
Digmine then installs an autostart tool and launches Chrome with a malicious extension that gives the attacker access to the victim’s Facebook profile, which is used to spread the virus to the account’s friends. It is worth noting that users who open the video file through the Messenger app on a mobile device are not infected. Digmine was first spotted in South Korea and has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela.
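The lure described above (a ZIP named like a video that actually holds an executable) can be screened for mechanically. The following is an added example for defenders, not code from the article or from any vendor; the video_xxxx.zip name pattern and the list of executable extensions are assumed heuristics, and the sample archives are constructed in memory rather than taken from real Digmine samples.

```python
import io
import os
import re
import zipfile

# Heuristic for the Digmine lure: a ZIP named like a video (video_xxxx.zip)
# whose members are executables instead of media files. Assumed patterns.
LURE_NAME = re.compile(r"^video_\d+\.zip$", re.IGNORECASE)
EXEC_EXTS = {".exe", ".scr", ".com", ".a3x", ".bat", ".cmd", ".vbs", ".js"}

def inspect_archive(name: str, data: bytes) -> dict:
    """Classify one in-memory ZIP; returns the findings as a dict."""
    executables = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            # Compiled AutoIt scripts are PE executables, so the "MZ" header
            # catches them even when the extension has been changed.
            with zf.open(info) as member:
                is_pe = member.read(2) == b"MZ"
            if ext in EXEC_EXTS or is_pe:
                executables.append(info.filename)
    lure_name = bool(LURE_NAME.match(os.path.basename(name)))
    return {
        "lure_name": lure_name,
        "executables": executables,
        "suspicious": lure_name and bool(executables),
    }

def make_zip(members: dict) -> bytes:
    """Build a ZIP in memory from {filename: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for filename, content in members.items():
            zf.writestr(filename, content)
    return buf.getvalue()

# Constructed samples, not real Digmine artifacts.
SAMPLES = {
    "video_1234.zip": make_zip({"video_1234.exe": b"MZ" + b"\x00" * 64}),
    "video_5678.zip": make_zip({"video_5678.mp4": b"\x00\x00\x00\x18ftypmp42"}),
    "tools.zip": make_zip({"setup.exe": b"MZ" + b"\x00" * 64}),
}

def scan_samples() -> dict:
    """Run the heuristic over every constructed sample."""
    return {name: inspect_archive(name, data) for name, data in SAMPLES.items()}
```

Only the archive that combines the video-style name with an executable member is flagged; a genuine video in such a ZIP, or an executable in an ordinarily named ZIP, is not.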
Facebook has been alerted and has properly addressed the issue. Users are advised to be cautious when clicking links.