Facebook Messenger Security News: Researchers Find New Malware Spreading to Mine Cryptocurrency

By Jessica Ferrera, Christian Post Contributor

It was recently learned that a group of hackers was spreading a piece of malware through Facebook's Messenger app to mine cryptocurrency coins.

Several days ago, security researchers Lenart Bermejo and Hsiao-Yu Shih posted an entry in Trend Micro's blog sharing their discovery. They said a malware bot had been plaguing Facebook Messenger users with the goal of mining the alternative cryptocurrency Monero.

Bermejo and Shih called the bot Digmine and said it was first observed operating in South Korea. However, as of the time of their report, the said malware had already spread to other countries in various continents such as Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela.

Get Our Latest News for FREE

Subscribe to get daily/weekly email with the top stories (plus special offers!) from The Christian Post. Be the first to know.

The researchers were also expecting Digmine to spread to more locations given the way it operates. It works much like a phishing message. Once a Facebook Messenger user receives a message with the Digmine link on their desktop, their computer will be infected and the bot will work its way to sending the link to even more users.

However, the researchers clarified that Digmine only affects the Facebook Messenger version that is used in Google Chrome's browser. Bermejo and Shih confirmed: "If the file is opened on other platforms (e.g., mobile), the malware will not work as intended."

Based on Bermejo and Shih's report, the Digmine malware is embedded on a video file being spread to Facebook Messenger users.

"Digmine is coded in AutoIt, and sent to would-be victims posing as a video file but is actually an AutoIt executable script," the researchers explained.

Some Facebook users have set their accounts to stay logged in or have their login details saved to automatically open their accounts on their Chrome browsers. According to the researchers, this increases the threat for users who have already been infected with the Digmine.

"If the user's Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the account's friends," the report said.

Like many malwares, Digmine is being operated through a command-and-control server. This means the hackers using the malware bot can update its function anytime to upgrade its use from simply propagating the virus to launching an even more aggressive and devastating attack such as stealing sensitive user information.

Was this article helpful?

Help keep The Christian Post free for everyone.

By making a recurring donation or a one-time donation of any amount, you're helping to keep CP's articles free and accessible for everyone.

$25/month$50/quarter$100/yearOne-time

We’re sorry to hear that.

Hope you’ll give us another try and check out some other articles. Return to homepage.