
Greed leads to destruction; one's greed can never be satisfied. Once, tyrants used slaves, then workers. Now, like I said before, history is just a repetition, and slavery is repeated. Now we are the slaves. Should we be slaves to these greedy monsters when we have freedom given to us by our ancestors?

If you receive a video file packed in a zip archive, sent by someone or by your friends on Facebook Messenger, just don't click on it.

Researchers from security firm Trend Micro are cautioning users about a new cryptocurrency mining bot that is spreading through Facebook Messenger and targeting Google Chrome desktop users to take advantage of the recent surge in cryptocurrency prices.

Dubbed Digmine, the Monero cryptocurrency mining bot is disguised as a non-embedded video file under the name video_xxxx.zip, but it actually contains an AutoIt executable script. Once clicked, the malware infects the victim's computer and downloads its components and related configuration files from a remote command-and-control (C&C) server.

Digmine primarily installs a cryptocurrency miner, miner.exe, a modified version of the open source Monero miner known as XMRig. It silently mines the Monero cryptocurrency in the background for the hackers, using the CPU power of the infected computers.

Besides the cryptocurrency miner, the Digmine bot also installs an autostart mechanism and starts Chrome with a malicious extension, which allows the attackers to gain access to the victim's Facebook profile and spread the same malware file to the victim's friends list via Messenger.

Since Chrome extensions can only be installed via the official Chrome Web Store, the attackers bypassed this by launching Chrome (loaded with the malicious extension) via the command line.
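One way a defender can look for the launch technique described above, as an added example that is not from Trend Micro or the original article: it flags process-creation records where Chrome is started with `--load-extension`, the Chromium switch for loading an unpacked extension (the article does not name the switch). The event fields, the sample records and the parent-process and path heuristics are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Chromium switch for loading an unpacked extension from a local folder.
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# Heuristics below are assumptions to tune per environment.
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [  # constructed process-creation records, not real telemetry
    {"pid": 4120, "image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{CHROME}"'},
    {"pid": 5288, "image": CHROME,
     "parent_image": r"C:\Users\alice\AppData\Roaming\example\launcher.exe",
     "command_line": f'"{CHROME}" '
                     r'--load-extension="C:\Users\alice\AppData\Roaming\example\ext"'},
    {"pid": 6001, "image": CHROME,
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": f'"{CHROME}" ' r"--load-extension=D:\src\myext"},
]

def extension_paths(command_line):
    """Return every folder passed to --load-extension (comma-separated lists allowed)."""
    paths = []
    for quoted, bare in LOAD_EXT_RE.findall(command_line):
        paths.extend(p for p in (quoted or bare).split(",") if p)
    return paths

def review_event(event):
    """Return a finding if Chrome was started with a sideloaded extension, else None."""
    if PureWindowsPath(event["image"]).name.lower() != "chrome.exe":
        return None
    paths = extension_paths(event["command_line"])
    if not paths:
        return None
    reasons = ["chrome started with --load-extension"]
    parent = PureWindowsPath(event["parent_image"]).name.lower()
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"unusual parent process: {parent}")
    if any(m in p.lower() + "\\" for p in paths for m in USER_WRITABLE):
        reasons.append("extension folder is in a user-writable location")
    return {"pid": event["pid"], "paths": paths, "reasons": reasons}

def scan(events):
    return [f for f in map(review_event, events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Extension developers also use this switch, so the third sample record is still reported but with fewer reasons attached, which gives an analyst something to rank on.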

“The extension will read its own configuration from the C&C server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video,” Trend Micro researchers say.

“The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware’s components.”

It's noteworthy that users who open the malicious video file through the Messenger application on their mobile devices are not affected.

Because the miner is controlled from a C&C server, the authors behind Digmine can upgrade their malware to include different functionalities overnight.

Digmine was initially spotted infecting users in South Korea and has since spread its activities to Vietnam, Azerbaijan, Ukraine, Philippines, Thailand, and Venezuela. But since Facebook Messenger is used worldwide, there is a greater chance of the bot spreading globally.
When notified by the researchers, Facebook said it had taken down most of the malware files from the social networking site.

Facebook spam campaigns are quite common, so users are advised to be vigilant when clicking links and files shared via the social media platform.
