A Monero Mining Bot Is Spreading Through Facebook Messenger

If you’ve interacted with Facebook, you may have had run-ins with spam bots that infest your profile (or your friends’ profiles) and post links or advertisements without your permission. Well, the same malware that tells your friends to “Check out this link for 90% off a BRAND NEW pair of Ray-Bans. WOW!” is now being used to mine cryptocurrency. A downloaded client runs mining software that contributes hashing power to the malware’s source server. Unaware Facebook users may have downloaded this bot through links shared on Facebook Messenger.

Mining on Someone Else’s Dime

You could be mining cryptocurrency without even knowing it, all because of a mining bot spread through Facebook Messenger.

Lenart Bermejo and Hsia-Yu Shih originally covered the revelation in a Trend Micro report. The malware, called Digimine, originated in South Korea, propagates itself through Facebook’s messaging app, and is used to mine Monero. The bot is confined to Messenger’s desktop client and its Chrome browser extension. If you open the malware on another platform, such as Facebook Messenger’s mobile app, your device will not be infected. The report indicated that the bot’s only surrogate is Messenger right now, but it warned that “it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line.”

Like other malware, Digimine can only be downloaded by activating its source link. Masquerading as a video file, Digimine is coded into AutoIT, a freeware scripting language designed for Windows. If you open the faux video file, your computer will begin running the AutoIT executable script, and if you have auto login enabled, the bot will automatically send the malware to your Facebook friends via Messenger.

Once it begins running the software, an infected computer connects to the malware’s command-and-control server. This server allocates all of the computing power of infected devices for the purpose of mining Monero, a popular privacy coin. The more computers that become infected, the higher the hashrate for the central mining operations, meaning that Digimine’s orchestrators can expect a fatter payday.

So far, Trend Micro has traced this malware to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela, adding the caveat: “It’s not far-off for Digimine to reach other countries given the way it propagates.”

Related Post

In response to the development, Facebook issued the following statement:

We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners.

In the report, Trend Micro revealed that the malicious links may include the following terms:

vijus[.]bid, ozivu[.]bid, thisdayfunnyday[.]space, thisaworkstation[.]space, mybigthink[.]space, mokuz[.]bid, pabus[.]bid, yezav[.]bid, bigih[.]bid, taraz[.]bid, megu[.]info. The report also lists a number of indicators that may help determine whether or not a device has been infected. For example, if you were to download the malware while using Facebook’s Chrome extension, the malware would terminate and then relaunch Chrome to load Digimine.

If you think your computer has been infected, you can visit facebook.com/help for tips and information on how to move forward.

 

 

Colin Harper

Colin is a freelance writer from Nashville, TN, making his way by writing on crypto-related topics and global politics. When he's not writing on or researching cryptocurrencies, he's likely doing something else or nothing at all--who can really say?

Share
Published by
Colin Harper

Recent Posts

Remittix (RTX) Set To Surpass Ripple (XRP) In 2025 With The Dawn Of PayFi—5000% Rally Expected

Ripple (XRP) has certainly been around the crypto market long enough for anyone to have…

4 mins ago

What Are the Top Decentralized Crypto Wallets for This Year?

Master Your Crypto Portfolio: Leading Decentralized Wallets for Maximum Control & Earnings in 2025 With…

20 mins ago

Lethal Bearish Attack Heavily Dumps WIF & SHIB Prices; DTX Exchange Accumulation Soars

The crypto market is typical of sudden changes in fortune and price drops. That has…

60 mins ago

Best Altcoins to Invest in Today: Qubetics Sets the Stage for Blockchain’s Future as Bitcoin Hits $108K and Litecoin Soars

The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…

12 hours ago

Dogecoin Millionaire Predicts This Undervalued Altcoin Could Match DOGE’s 2021 Gains

Dogecoin's 2021 rally was a historic one, turning ordinary investors into overnight millionaires. This magnificent…

13 hours ago

Qubetics Presale Skyrockets to $7.5M as XRP and Arbitrum Lead Best Altcoins for Exponential Returns

The crypto market is always evolving, with big names like Bitcoin and Ethereum leading the…

14 hours ago