SAN FRANCISCO, Dec
25: A new cryptocurrencymining
bot, named Digmine,
that was first observed
in South Korea, is spreading
fast through Facebook Messenger
across the world, Tokyo-headquartered
cybersecurity
major Trend Micro has
warned.
After South Korea, it has
since spread in Vietnam, Azerbaijan,
Ukraine, the Philippines,
Thailand and Venezuela.
It is likely to reach other
countries soon, given the way
it propagates.
Facebook Messenger
works across different platforms
but Digmine only affects
the Messenger’s desktop
or web browser
(Chrome) version. If the file
is opened on other platforms,
the malware will not work as
intended, Trend Micro said in
a blogpost.
Digmine is coded in AutoIt
and sent to would-be victims
posing as a video file but
is actually an AutoIt executable
script.
If the user’s Facebook account
is set to log in automatically,
Digmine will manipulate
Facebook Messenger in
order to send a link to the file
to the account’s friends.
The abuse of Facebook is
limited to propagation for now,
but it wouldn’t be implausible
for attackers to hijack the Facebook
account itself down the
line. This functionality’s code
is pushed from the commandand-control
(C&C) server,
which means it can be updated.
A known modus operandi
of cryptocurrency-mining botnets
and particularly for Digmine
(which mines Monero),
is to stay in the victim’s
system for as long as possible.
It also wants to infect as
many machines as possible, as
this translates to an increased
hashrate and potentially more
cybercriminal income, the
blogpost stated.
The malware will also perform
other routines such as
installing a registry autostart
mechanism as well as system
infection marker. It will search
and launch Chrome then load
a malicious browser extension
that it retrieves from the
C&C server. IANS
President
Post a Comment