If the user's Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the account's friends.
The abuse of Facebook is limited to propagation for now, but it wouldn't be implausible for attackers to hijack the Facebook account itself down the line. This functionality's code is pushed from the command-and-control (C&C) server, which means it can be updated.
A known modus operandi of cryptocurrency-mining botnets, and particularly for Digmine (which mines Monero), is to stay in the victim's system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income, the blogpost stated.
The malware will also perform other routines such as installing a registry autostart mechanism as well as a system infection marker. It will search for and launch Chrome, then load a malicious browser extension that it retrieves from the C&C server. IANS