A Monero Mining Bot Is Spreading Through Facebook Messenger

If you’ve interacted with Facebook, you may have had run-ins with spam bots that infest your profile (or your friends’ profiles) and post links or advertisements without your permission. Well, the same malware that tells your friends to “Check out this link for 90% off a BRAND NEW pair of Ray-Bans. WOW!” is now being used to mine cryptocurrency. A downloaded client runs mining software that contributes hashing power to the malware’s source server. Unaware Facebook users may have downloaded this bot through links shared on Facebook Messenger.

Mining on Someone Else’s Dime

You could be mining cryptocurrency without even knowing it, all because of a mining bot spread through Facebook Messenger.

Lenart Bermejo and Hsia-Yu Shih originally covered the revelation in a Trend Micro report. The malware, called Digimine, originated in South Korea, propagates itself through Facebook’s messaging app, and is used to mine Monero. The bot is confined to Messenger’s desktop client and its Chrome browser extension. If you open the malware on another platform, such as Facebook Messenger’s mobile app, your device will not be infected. The report indicated that Messenger is the bot’s only propagation channel right now, but it warned that “it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line.”

Like other malware, Digimine can only be downloaded by activating its source link. Masquerading as a video file, Digimine is written in AutoIt, a freeware scripting language designed for Windows. If you open the faux video file, your computer will begin running the AutoIt executable script, and if you have auto login enabled, the bot will automatically send the malware to your Facebook friends via Messenger.

Once it begins running the software, an infected computer connects to the malware’s command-and-control server. This server allocates all of the computing power of infected devices for the purpose of mining Monero, a popular privacy coin. The more computers that become infected, the higher the hashrate for the central mining operations, meaning that Digimine’s orchestrators can expect a fatter payday.

So far, Trend Micro has traced this malware to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela, adding the caveat: “It’s not far-off for Digimine to reach other countries given the way it propagates.”


In response to the development, Facebook issued the following statement:

We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners.

In the report, Trend Micro revealed that the malicious links may include the following terms:

vijus[.]bid, ozivu[.]bid, thisdayfunnyday[.]space, thisaworkstation[.]space, mybigthink[.]space, mokuz[.]bid, pabus[.]bid, yezav[.]bid, bigih[.]bid, taraz[.]bid, megu[.]info.

The report also lists a number of indicators that may help determine whether or not a device has been infected. For example, if you were to download the malware while using Facebook’s Chrome extension, the malware would terminate and then relaunch Chrome to load Digimine.
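The domains listed above can be checked against web proxy or DNS logs to find machines that contacted them. The following is an added example, not code from the article or from Trend Micro's report; the log format, workstation names and paths are constructed, and the function names are hypothetical. It matches on the parsed hostname and its parent domains rather than on substrings, so lookalike hosts and query strings do not raise false hits.

```python
from urllib.parse import urlsplit

def refang(text):
    """Turn defanged notation such as vijus[.]bid back into a plain name."""
    return text.replace("[.]", ".")

# Domains exactly as the article lists them, kept defanged in source.
DEFANGED_IOCS = (
    "vijus[.]bid, ozivu[.]bid, thisdayfunnyday[.]space, "
    "thisaworkstation[.]space, mybigthink[.]space, mokuz[.]bid, pabus[.]bid, "
    "yezav[.]bid, bigih[.]bid, taraz[.]bid, megu[.]info"
)
IOC_DOMAINS = frozenset(refang(d).strip().lower() for d in DEFANGED_IOCS.split(","))

# Constructed proxy log lines (hypothetical format, hosts and paths).
SAMPLE_LOG = [refang(line) for line in (
    "2017-12-22T09:14:03Z ws-114 GET http://vijus[.]bid/placeholder 200",
    "2017-12-22T09:14:09Z ws-114 GET https://www.facebook.com/messages 200",
    "2017-12-22T09:15:40Z ws-207 CONNECT files.thisdayfunnyday[.]space:443 200",
    "2017-12-22T09:16:02Z ws-031 GET http://notvijus[.]bid/ 200",
    "2017-12-22T09:16:30Z ws-031 GET http://example.com/?ref=megu[.]info 200",
)]

def host_of(token):
    """Return the lowercase hostname of a URL or host[:port] token, or ''."""
    try:
        parts = urlsplit(token if "://" in token else "//" + token)
        return (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed bracketed host
        return ""

def matched_ioc(token):
    """Return the listed domain the token's host equals or is a subdomain of."""
    labels = host_of(token).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None

def scan(lines):
    """Return (line_number, listed_domain) for each token that hits the list."""
    hits = []
    for number, line in enumerate(lines, 1):
        for token in line.split():
            ioc = matched_ioc(token)
            if ioc:
                hits.append((number, ioc))
    return hits

if __name__ == "__main__":
    for number, ioc in scan(SAMPLE_LOG):
        print(f"line {number}: contact with listed domain {ioc}")
```
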

If you think your computer has been infected, you can visit facebook.com/help for tips and information on how to move forward.

Colin Harper

Colin is a freelance writer from Nashville, TN, making his way by writing on crypto-related topics and global politics. When he's not writing on or researching cryptocurrencies, he's likely doing something else or nothing at all--who can really say?
