New malware spreading fast via Facebook Messenger

A new cryptocurrency-mining bot, named “Digmine”, that was first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cybersecurity major Trend Micro has warned. After South Korea, it has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela. It is likely to reach other countries soon, given the way it propagates.

Facebook Messenger works across different platforms, but “Digmine” only affects the Messenger’s desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blogpost.

“Digmine” is coded in AutoIt and sent to would-be victims posing as a video file, but it is actually an AutoIt executable script. If the user’s Facebook account is set to log in automatically, “Digmine” will manipulate Facebook Messenger in order to send a link to the file to the account’s friends.

New malware spreading via FB Messenger – antivirus firms.

The malware in this case is a type of adware – illicitly installed software that pushes ads to victims, and earns ad money for the cybercriminals – and one that may also be collecting credentials from Facebook accounts. Kaspersky senior security researcher David Jacoby says in a blog post that while he sees no Trojans or other exploits being downloaded, the people behind the cyber scam are “most likely making a lot of money in ads and getting access to a lot of Facebook accounts.”

Jacoby, however, also said that they are not yet sure how the malware is spreading via Facebook Messenger but are suspecting “stolen credentials, hijacked browsers or clickjacking.”

Varied infection mechanisms

After clicking the link on Messenger, the user is redirected to a dynamic landing page on Google Docs, which shows what appears to be a playable movie, as shown below. Clicking the fake movie redirects the user to another site that tricks them into downloading the infecting file.

New malware spreading fast via Facebook Messenger: Report

The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.

A known modus operandi of cryptocurrency-mining botnets, and of “Digmine” (which mines Monero) in particular, is to stay in the victim’s system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income, the blogpost stated.

The malware will also perform other routines, such as installing a registry autostart mechanism as well as a system infection marker. It will search for and launch Chrome, then load a malicious browser extension that it retrieves from the C&C server.

If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded. While extensions can normally only be installed from the Chrome Web Store, the attackers bypassed this by launching Chrome via the command line.
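As an added detection example (not code from the report, Trend Micro or Kaspersky), the Python below scans constructed Sysmon-style process-creation and registry events for the two behaviours just described: Chrome relaunched from the command line with an extension that did not come from the Web Store, and a Run-key autostart entry pointing into a user-writable directory. It assumes the relaunch uses Chrome's `--load-extension` switch (the report does not name the switch), and every field name and sample value is constructed.

```python
import re

# Constructed Sysmon-style events (EventID 1 = process creation, 13 = registry
# value set); sample values are made up, not telemetry from the real campaign.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"EventID": 1, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ParentImage": r"C:\Users\alice\Downloads\video_4398.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=C:\Users\alice\AppData\Roaming\ext'},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
]

# Assumption: the relaunch uses Chrome's --load-extension switch to load an unpacked extension.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(?:Users|ProgramData|Temp)\\", re.IGNORECASE)
BENIGN_PARENTS = {"explorer.exe", "chrome.exe"}  # normal launchers of chrome.exe


def check_event(event):
    """Return a list of finding strings for one event (empty when nothing is suspicious)."""
    findings = []
    if event.get("EventID") == 1 and event.get("Image", "").lower().endswith("\\chrome.exe"):
        m = LOAD_EXT.search(event.get("CommandLine", ""))
        if m:
            findings.append(f"chrome.exe started with unpacked extension from {m.group(1) or m.group(2)}")
        parent = event.get("ParentImage", "")
        if parent.rsplit("\\", 1)[-1].lower() not in BENIGN_PARENTS and USER_WRITABLE.search(parent):
            findings.append(f"chrome.exe launched by binary in user-writable path: {parent}")
    elif event.get("EventID") == 13 and RUN_KEY.search(event.get("TargetObject", "")):
        if USER_WRITABLE.search(event.get("Details", "")):
            findings.append(f"Run-key autostart points into user-writable path: {event['Details']}")
    return findings


def scan(events):
    """Map event index -> findings for every event that produced at least one finding."""
    return {i: hits for i, e in enumerate(events) if (hits := check_event(e))}


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS).items():
        for hit in hits:
            print(f"event {i}: {hit}")
```

On the constructed sample, the benign Chrome start and the legitimate HKLM Run entry produce no findings, while the Chrome relaunch from the downloaded "video" binary and the per-user Run entry are both flagged.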
