Malware spreading via FB messenger

29
spreading

MNA Science & Tech Desk: A new crypto currency-mining bot, named “Digmine”, that was first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cybersecurity major Trend Micro has warned.

After South Korea, it has since spread in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela. It is likely to reach other countries soon, given the way it propagates, reported news agency.

Facebook Messenger works across different platforms but “Digmine” only affects the Messenger’s desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blogpost.

“Digmine” is coded in AutoIt and sent to would-be victims posing as a video file but is actually an AutoIt executable script.

If the user’s Facebook account is set to log in automatically, “Digmine” will manipulate Facebook Messenger in order to send a link to the file to the account’s friends.

The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.