CyberWisdom Safe Harbor Commentary:
Trend Micro discovered a new cryptocurrency-mining bot spreading through Facebook Messenger, first observed in South Korea. They named it Digmine after the moniker (비트코인 채굴기 bot, "Bitcoin miner bot") used in a report of related incidents in South Korea. Digmine has also been seen spreading in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela, and given the way it propagates it is likely to reach other countries as well.
Facebook Messenger runs on several platforms, but Digmine only affects the desktop/web browser (Chrome) version. If the file is opened on another platform, such as a mobile device, the malware will not work as intended.
Digmine is written in AutoIt and sent to would-be victims posing as a video file, though it is actually a compiled AutoIt executable. If the victim's Facebook account is set to log in automatically, Digmine manipulates Facebook Messenger to send a link to the file to the account's friends. For now the abuse of Facebook is limited to propagation, but it would not be implausible for the attackers to hijack the Facebook account itself later on. The code for this functionality is pushed from the command-and-control (C&C) server, which means it can be updated.
A known modus operandi of cryptocurrency-mining botnets, and of Digmine in particular (it mines Monero), is to remain on the victim's system for as long as possible. The operators also want to infect as many machines as possible, since more miners means a higher hash rate and potentially more income for the cybercriminals.
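An added example, not part of the Trend Micro write-up or of this commentary, of the kind of check a defender can run on a Messenger download: a file whose name claims to be a video but whose bytes begin with a Windows PE header is an executable in disguise. The AU3!EA06 marker used to recognise compiled AutoIt v3 scripts is a widely used YARA indicator and is an assumption here; the page itself does not mention it. All filenames and sample bytes below are constructed, not real Digmine artifacts.

```python
"""Flag downloads whose filename claims a video format but whose content is a PE executable."""

PE_MAGIC = b"MZ"                 # DOS/PE header that every Windows executable starts with
AUTOIT_MARKER = b"AU3!EA06"      # assumption: marker embedded in compiled AutoIt v3 scripts
VIDEO_EXTENSIONS = {".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv", ".mpg", ".mpeg"}


def claims_to_be_video(filename: str) -> bool:
    """True if the name suggests a video; checks every suffix so 'clip.mp4.exe' still counts."""
    lowered = filename.lower()
    suffixes = lowered.split(".")[1:]
    return "video" in lowered or any("." + s in VIDEO_EXTENSIONS for s in suffixes)


def classify(filename: str, data: bytes) -> str:
    """Return 'video', 'executable', 'pe-masquerade', 'autoit-masquerade' or 'unknown'."""
    is_pe = data.startswith(PE_MAGIC)
    if claims_to_be_video(filename) and is_pe:
        # Name and content disagree: this is the Digmine-style lure shape.
        return "autoit-masquerade" if AUTOIT_MARKER in data else "pe-masquerade"
    if is_pe:
        return "executable"            # an exe that is honest about being an exe
    if claims_to_be_video(filename):
        return "video"                 # name and non-PE content agree; format not further verified
    return "unknown"


# Constructed samples (not real malware): a plausible MP4 header, a PE carrying the
# AutoIt marker behind a video-like double extension, a PE behind a plain video
# extension, and an ordinary executable.
SAMPLES = {
    "holiday.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 40,
    "video_4822.mp4.exe": PE_MAGIC + b"\x90" * 60 + AUTOIT_MARKER + b"\x00" * 20,
    "movie.avi": PE_MAGIC + b"\x90" * 60 + b"\x00" * 20,
    "setup.exe": PE_MAGIC + b"\x90" * 60 + b"\x00" * 20,
}


def scan(samples: dict) -> dict:
    """Classify every (filename, bytes) pair and return the verdicts keyed by filename."""
    return {name: classify(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:22} -> {verdict}")
```

The check is deliberately cheap: it looks only at the first two bytes and one substring, which is enough to catch an executable hiding behind a video name. A fuller triage step would also verify that files reported as "video" really carry a known container header rather than trusting the extension alone.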
Figure 1: Digmine’s attack chain
We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker (비트코인 채굴기 bot, "Bitcoin miner bot") it was referred to in a report of recent related incidents in South Korea. We've also seen Digmine spreading in other regions such as Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela. It's not far-off for Digmine to reach other countries given the way it propagates.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro