Now, the security firm Trend Micro has reported a cryptocurrency mining bot called “Digimine” that spreads via Facebook Messenger for Google Chrome desktop version. South Korea is the first region where the security firm spotted Digimine, followed by Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela.
The bot presents itself to potential victims as a video file hiding an AutoIt executable script. Trend Micro notes that Digimine doesn’t work when the file is accessed on other platforms where Facebook Messenger is available. And just like Loapi, Digimine is also designed to mine the cryptocurrency Monero from people’s computers.
For the victim’s who have the habit of leaving their Facebook account logged in, the malware can manipulate the Messenger to send messages to the victim’s friends automatically.
The extent to which Messenger is being exploited is currently limited. However, the security firm warns about possibilities of attackers compromising the Facebook accounts in the future as a C&C server pushes the code to Digimine, providing room for easy updates in the future.
Many links related to Digimine have been pulled off after Facebook was informed about the spread of the cryptojacking bot.
What to do?
Probably, you can spot Digimine gaining access to your Chrome browser and the system. In case you clicked an unknown video link, the malware would restart Chrome as it installs a Chrome extension. The extension could display a fake Facebook login page or some web page with a video stream while sucking cryptocoins off your machine.
If you sense that your PC is slowing down and fan speed increased, you should immediately look for some fishy extension in the browser and remove it. You can run a deep scan of your system if you think it’s affected.
There are a few things you should take care. For instance, you shouldn’t leave your account logged-in all the time, check your Facebook account’s privacy settings, think before opening and sharing a file, make sure your password is hard enough, turn on two-factor authentication, etc.
