Bitcoin and other cryptocurrencies are gradually picking up the pace in terms of popularity. This also gave room to cybercriminals and hackers to exploit unsuspecting users and their host devices. According to reports from The Independent, security researchers at Trend Micro have discovered a mining bot, called Digmine that affects Facebook Messenger. So let’s dive in to see some more details on the matter.

Hackers Infect Facebook Messenger Users With A Malware That Mines Bitcoin Alternative Monero Cryptocurrency

As we have mentioned earlier, the malware infects Facebook Messenger in an attempt to mine cryptocurrency. Digmine is equipped with CPU resources in the background that aids in the mining of an anonymous coin called Monero. Monero is currently being traded at $350.

Be sure to note that the file has been disguised in the form of a video file named ‘video_xxxx.zip’. In addition to this, the so-called video file will come from one of your contacts. However, it is only initiated or activated through Facebook Messenger’s desktop version on Google Chrome. This means that at this stage, the mobile version of Facebook Messenger is safe.

So what does Digmine allow hackers to achieve and how? To begin with, it gives hackers and cybercriminals a backdoor access to your Facebook account. Ultimately, the malware is open to your friends’ list allowing it to spread more. By the passage of time, the multiplication goes on. As per the cybersecurity firm Trend Micro:

"If the user’s Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the account’s friends. The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line."

So how does it work? Primarily, Digmine installs a cryptocurrency minor by the name of miner.exe. The said tool is a modified version of the Monero cryptocoin called XMRig. This open source tool is hence responsible for mining Monero cryptocoin in the background. The profits gathered are then sent to hackers who initiated it. Trend Micro stated:

"The extension will read its own configuration from the C&C [command and control] server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video. The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware’s components."

The Digmine bot also installs an autostart mechanism that allows Google Chrome to be launched with a malicious extension. This further makes room for hackers to access your Facebook account’s personal details. These details are then used to spread the malware through Messenger.

Facebook also told Trend Micro that it had taken down any links which are connected to the malware on the site. Further explanations state that hackers have the ability to alter these links. This would further allow them to keep targeting Facebook Messenger users by adding more code, adding additional features to the malware and more which can easily get a hold on to a person’s Facebook account.