Friday, April 12, 2024

Digmine – Cryptocurrency Mining Malware Spreading via Facebook Messenger

Malware miners are in the raise starting from this year, attackers using various social engineering and more sophisticated attacks for spreading Cryptocurrency Miners.

Security researchers spotted a new Cryptocurrency Miner spreading through Facebook messenger spotted first in South Korea and then spread to other regions.

Cryptocurrency-mining bot dubbed Digmine developed in AutoIt and the executable’s distributed as a video file, once the script executed it communicates with C&C server and downloads multiple components.

facebook Messenger cryptocurrency
Digmine only affects facebook messenger chrome version and if the file opened in any other platforms the malware will not work, if facebook set to log in automatically, it will send the link of the file to your friends.
facebook Messenger cryptocurrency

It downloads components and saves into directory “%appdata%\<username> directory” it mines Monero and it intends to stay in the system as long as possible.

It will search and launch Chrome then load a malicious browser extension that it retrieves from the C&C server. If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded” says TrendMicro researchers.

Also Read Over 500 Million Users PC’s are Secretly Mining CryptoCurrency in Browser without Users Knowledge

Later its use to download the miner module “codec.exe” and it will connect to C&C for retrieving configuration files, mining component “miner.exe” is an open source Monero miner known as XMRig.

Researchers said “The increasing popularity of cryptocurrency mining is drawing attackers back to the mining botnet business, We disclosed our findings to Facebook, which promptly removed many of the Digmine-related links from its platform”

Indicators of Compromise (IoCs):

Hash detected as TROJ_DIGMINEIN.A (SHA256);
beb7274d78c63aa44515fe6bbfd324f49ec2cc0b8650aeb2d6c8ab61a0ae9f1d
Hash detected as BREX_DIGMINEEX.A (SHA256):
5a5b8551a82c57b683f9bd8ba49aefeab3d7c9d299a2d2cb446816cd15d3b3e9
Hash detected as TROJ_DIGMINE.A (SHA256):
f7e0398ae1f5a2f48055cf712b08972a1b6eb14579333bf038d37ed862c55909

Website

Latest articles

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...

Taxi App Vendor Data Leak: 300K Passengers Data Exposed

Around 300,000 taxi passengers' personal information was left exposed on the internet, causing concern...

TA547 Hackers Launching AI-Powered Cyber Attacks Targeting Organizations

TA547 has been targeting German organizations with an email campaign delivering the Rhadamanthys malware....
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles