According to cybersecurity firm Trend Micro, the Monero mining craze has now reached Facebook users. Security experts report that a cryptocurrency mining bot is spreading via Facebook Messenger in the desktop version of the Google Chrome browser. Dubbed Digmine, it was first seen in South Korea but has already spread to various countries including Venezuela, Ukraine, and Vietnam. Given how fast it’s spreading, it’ll likely show up in other regions soon.
Digmine essentially masquerades as a link to a non-embedded video file that, in reality, is an executable script. Once the file is clicked on, the script downloads components from a server so it can install a Chrome extension to mine Monero. It then either streams a bogus video or, if the person’s account is set to log in automatically, manipulates the account to send its link to their Facebook friends.
The researchers wrote:
“A known modus operandi of cryptocurrency-mining botnets, and particularly for Digmine (which mines Monero), is to stay in the victim’s system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income.”
Interestingly, Digmine only works on Chrome, and only on desktops. If the victim clicks on the link using another browser or a mobile device, it won’t work as intended. Chrome extensions normally have to go through the Chrome Web Store; Digmine bypasses the store by using a command-line interface.
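One way a defender could look for this store bypass in process-creation logs, as an added example that is not from Trend Micro or the original article. It assumes the command-line route is Chrome's `--load-extension` switch (the article does not name the switch), and the log records and the function names are constructed for illustration.

```python
import ntpath

# Chrome's switch for loading an unpacked extension; assumed here, the article does not name it.
SWITCH = "--load-extension="

# Constructed process-creation records (image path, command line); not data from the article.
SAMPLE_EVENTS = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
     r'--load-extension="C:\Users\alice\AppData\Roaming\sample ext",C:\Temp\ext2 https://example.invalid/'),
    (r"C:\Windows\System32\notepad.exe",
     r"notepad.exe --load-extension=C:\Temp\ext2"),
]


def split_cmdline(cmdline):
    """Split on whitespace outside double quotes and drop the quotes (simplified Windows rules)."""
    args, current, in_quotes = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if current:
                args.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        args.append("".join(current))
    return args


def find_sideloaded_extensions(events):
    """Return one finding per Chrome launch that loads extensions from local paths."""
    findings = []
    for image, cmdline in events:
        if ntpath.basename(image).lower() != "chrome.exe":
            continue  # only Chrome launches are of interest here
        for arg in split_cmdline(cmdline)[1:]:  # skip argv[0]
            if arg.lower().startswith(SWITCH):
                # The switch takes a comma-separated list of extension directories.
                paths = [p for p in arg[len(SWITCH):].split(",") if p]
                findings.append({"image": image, "extension_paths": paths})
    return findings


if __name__ == "__main__":
    for hit in find_sideloaded_extensions(SAMPLE_EVENTS):
        print(hit["image"], "->", hit["extension_paths"])
```

Developers and test automation also use this switch, so a hit is a lead to triage rather than proof of infection.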
After finding Digmine, Trend Micro quickly contacted Facebook, which removed most links associated with it. The social network released a statement:
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help.”
To avoid infection on social networks, enable your account’s privacy settings, avoid unsolicited messages, and avoid suspicious links. The malware’s authors can upgrade it to hijack Facebook accounts down the line, experts note.
The Monero mining craze has gotten so big that bad actors have already hijacked the CBS-owned Showtime websites to mine using visitors’ CPUs. Moreover, it forced Cloudflare to crack down on websites that didn’t ask for user permission.