
Digmine Cryptocurrency Miner Spreading via Facebook Messenger

CyberWisdom Safe Harbor Commentary:

Trend Micro discovered a new cryptocurrency-mining bot that spreads via Facebook Messenger and was first observed in South Korea. They named it Digmine, based on the moniker (비트코인 채굴기 bot) used in a recent report of related incidents in South Korea. Digmine has also been seen spreading in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela. Given the way it propagates, it would not take much for Digmine to reach other countries.

Facebook Messenger works on different platforms, but Digmine only affects Facebook Messenger’s desktop / web browser (Chrome) version. If the file is opened on other platforms (such as mobile platforms), the malware will not work properly.

Digmine is coded in AutoIt and is sent to potential victims posing as a video file, although it is actually an AutoIt executable. If the user’s Facebook account is set to log in automatically, Digmine manipulates Facebook Messenger to send a link to the file to the account’s friends. The abuse of Facebook is limited to spreading for now, but it does not make sense for attackers to hijack Facebook accounts themselves. The code for this function is pushed from the command-and-control (C&C) server, which means it can be updated.
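A triage check for the disguise described above, as an added example that is not from the original post or from Trend Micro: it flags an attachment whose name suggests a video but whose bytes are a Windows executable, and notes the `AU3!EA06` marker carried by compiled AutoIt scripts. The file names and sample bytes are constructed for illustration, since the page does not give the real ones.

```python
import io
import re
import zipfile

VIDEO_HINT = re.compile(r"video|\.(mp4|avi|mov|mkv|wmv)\b", re.I)
AUTOIT_MARKER = b"AU3!EA06"    # signature found in compiled AutoIt v3 scripts
MAX_MEMBER = 50 * 1024 * 1024  # skip oversized archive members (zip-bomb guard)

def is_pe(data):
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"

def inspect(name, data, depth=0):
    """Return (filename, finding) pairs; ZIP attachments are opened one level deep."""
    findings = []
    if depth == 0 and data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size <= MAX_MEMBER:
                        findings += inspect(info.filename, zf.read(info), depth=1)
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or password-protected
            findings.append((name, "unreadable-zip"))
        return findings
    if is_pe(data):
        if VIDEO_HINT.search(name):
            findings.append((name, "video-named-executable"))
        if AUTOIT_MARKER in data:
            # AutoIt is also used legitimately: a triage signal, not a verdict.
            findings.append((name, "autoit-compiled"))
    return findings

def sample_pe(autoit=True):
    """Constructed minimal PE-shaped blob (not a real program) for the demo."""
    blob = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 64
    return blob + (AUTOIT_MARKER if autoit else b"")

def sample_zip(member_name, payload):
    """Constructed ZIP attachment holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    mp4 = b"\x00\x00\x00\x18ftypmp42" + b"\0" * 16  # constructed MP4-style header
    print(inspect("holiday.mp4", mp4))
    print(inspect("video_0001.zip", sample_zip("video_0001.mp4.exe", sample_pe())))
```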

A known modus operandi of cryptocurrency-mining botnets, and of Digmine in particular (it mines Monero), is to stay in the victim’s system for as long as possible. It also wants to infect as many machines as possible, which means an increased hash rate and potentially more income for the cybercriminals.


Figure 1: Digmine’s attack chain

 


We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker (비트코인 채굴기 bot) it was referred to in a report of recent related incidents in South Korea. We’ve also seen Digmine spreading in other regions such as Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. It’s not far-off for Digmine to reach other countries given the way it propagates.

Post from: TrendLabs Security Intelligence Blog – by Trend Micro

thumbnail courtesy of trendmicro.com
