Digmine Virus Spreads Via Facebook Messenger - Binary Defense

Digmine Virus Spreads Via Facebook Messenger

The Counterintelligence Team


A new cryptocurrency mining virus has emerged. This time, the virus is spreading through Facebook’s Messenger app and is targeting Google Chrome desktop users.

The Monero miner has been dubbed “Digmine” and is disguised as a non-embedded video file (video_xxxx.zip). The file, however, contains an AutoIt executable script.

As soon as the victim clicks the file, Digmine downloads components and configuration files from a remote C&C server. Essentially, a cryptocurrency miner is downloaded that mines Monero in the background, using the victim’s CPU to power the miner. Digmine does not stop there, however.

Digmine then installs an autostart tool and launches Chrome with a malicious extension, allowing the attacker to access the victim’s Facebook profile and spread the virus to friends on the account. It is worth noting that users who open the video file through the Messenger app on their mobile device will not be infected. Digmine was first spotted in South Korea and has spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela.

Facebook has been alerted and has properly addressed the issue. Users are advised to be cautious when clicking links.
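As a triage aid for the video_xxxx.zip lure described above, the following added example (not code from Binary Defense or from the malware analysis) flags archives that claim to be a video but contain an executable. The name pattern, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: "xxxx" in video_xxxx.zip stands for an arbitrary token.
LURE_NAME = re.compile(r"^video_\w+\.zip$", re.IGNORECASE)
# Assumption: extensions treated as executable, including AutoIt script types.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".a3x", ".au3")

def triage_attachment(filename, data):
    """Return a list of findings for an attachment supplied as raw bytes."""
    findings = []
    if LURE_NAME.match(filename):
        findings.append("name matches video_*.zip lure pattern")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member, content not readable
                findings.append(f"{info.filename}: encrypted, cannot inspect")
                continue
            with zf.open(info) as member:
                magic = member.read(2)
            # Check content first: a PE file starts with "MZ" whatever its name.
            if magic == b"MZ":
                findings.append(f"{info.filename}: Windows executable (MZ header)")
            elif info.filename.lower().endswith(EXEC_EXTS):
                findings.append(f"{info.filename}: executable/script extension")
    return findings

def _make_zip(members):
    """Build an in-memory zip from a {name: bytes} mapping (test helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: harmless bytes that only mimic the file headers.
SAMPLE_LURE = _make_zip({"video_1234.mp4.exe": b"MZ" + b"\x00" * 64})
SAMPLE_BENIGN = _make_zip({"holiday.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 32})

if __name__ == "__main__":
    for name, blob in (("video_1234.zip", SAMPLE_LURE), ("holiday.zip", SAMPLE_BENIGN)):
        print(name, triage_attachment(name, blob) or "no findings")
```
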
