Digimine Monero Mining Bot Spreads Through Facebook Messenger

From a cybersecurity point of view, 2017 has not been the best of years. In fact, there have been so many new threats, there’s genuine reason to be afraid. The rise of hidden Monero mining scripts is one of those problems people shouldn’t overlook. It seems a new variant, known as Digimine, is spreading through Facebook Messenger. Criminals will continue to use methods like these to make money until people start taking device security more seriously.

Digimine Targets Facebook Messenger Users

Truth be told, it was only a matter of time until we saw the next evolution of Monero mining scripts. We know these scripts have been embedded on a lot of websites this year, either by design or through some malicious meddling by hackers. So far, most of these scripts have not caused any major harm in the end, but that could change pretty quickly. That’s especially the case now that cybercriminals are looking for new ways to mine Monero with other people’s computer resources.

A cryptocurrency miner known as Digimine was identified by Trend Micro earlier this week. It seems this bot spreads through Facebook Messenger, which has quickly become one of the world’s most prominent chatting and instant messaging tools. Addressing any issues affecting this popular messaging platform will not be easy whatsoever. With hundreds of millions of people using Facebook Messenger, it is evident there is plenty of reason to be concerned about Digimine.

This Monero mining bot was first discovered in South Korea, which isn’t surprising. After all, we have seen North Korean hackers successfully attack and harass their South Korean counterparts in connection with Bitcoin and other cryptocurrencies on multiple occasions. However, Digimine is not just a problem in South Korea, as it has shown up in other parts of the world as well.

Reports relating to the Digimine bot have surfaced in Vietnam, the Philippines, Ukraine, and even Venezuela. It is not entirely surprising to see this mining bot spread so quickly, considering that it is distributed through one of the most popular instant messaging applications in the world today. Considering that Facebook Messenger works across computers and mobile devices alike, there are a lot of potential victims out there.

Digimine’s victims will see this malware as a normal video file, which has been a common method of attack for quite some time now. Opening the video will run an automatic script. Facebook accounts set to log in automatically will see the Digimine malware being distributed to their friends and contacts as well. Although no Facebook accounts are hijacked in the process, it may only be a matter of time until that changes.

So far, it doesn’t appear as though any of the existing anti-virus solutions are capable of getting rid of Digimine just yet. As a result, the malware will remain active on one’s system for an extended period of time, which could have all sorts of consequences in the long run. It seems the mining code is a slightly altered version of XMRig, which is an open-source Monero mining solution. It does rely on a command & control server, which means it’s only a matter of time until it is shut down completely.