Look Out for ‘Digmine’ Malware Spreading Through Facebook Messenger

"Digmine" only affects Messenger when it is used in the Google Chrome desktop browser...

Recent reports from the Tokyo-based cybersecurity organization Trend Micro state that a cryptocurrency-mining bot is currently spreading via Facebook Messenger. The bot, named Digmine, was first observed in South Korea and has since spread to other countries such as the Philippines, Azerbaijan, Venezuela… Given its current rate of growth, the bot will probably appear in several other regions shortly. The cybersecurity firm also stated that the bot only affects the desktop version of Messenger running in Google’s Chrome browser. It will not function as designed on other Messenger platforms.

The reports from Trend Micro do not explain how the bot started spreading through Messenger. Digmine is an AutoIt executable that is delivered to people through Messenger disguised as a video clip. When a user clicks on the file, it immediately downloads components from a remote host to install a Chrome browser add-on and continue spreading the malware. Normally, Chrome add-ons can only be installed from the Chrome Web Store, but Digmine bypasses this requirement by setting up the add-on through the command line. If the user’s Facebook account is set to sign in automatically, Digmine takes control of Facebook Messenger in order to send a link to the file to the other individuals (friends) in the account.


Once it gets onto a computer, Digmine starts running and quietly mines digital currency in the background while the victim browses the web. On desktop computers, the mining component, named codec.exe, is a modified form of an open-source Monero miner known as XMRig. For now the malware is only meant to spread the crypto bot to more computers, but in the long run the attackers could also take over Facebook accounts entirely by simply upgrading Digmine from a remote command server.

You can check your system to make sure that it is not infected by the Digmine malware. An infected PC will show signs such as the Chrome browser restarting automatically, the PC running slowly, noisy spinning computer fans, etc. If you find these signs, go to Chrome’s extensions panel and delete all unwanted and suspicious add-ons, and afterward be careful when clicking videos and links received through Facebook Messenger.
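For those who have process-creation logs, the two behaviours described above can also be checked in code. The following is an added example, not code from Trend Micro or the original article: it assumes the add-on is loaded with Chrome's `--load-extension` switch (the article only says "command-line interface"), and the sample records, paths and rule names are constructed for illustration.

```python
import ntpath
import re

# Chrome's switch for loading an unpacked extension directory from the command line.
# Assumption: the article only says the add-on is set up "by a command-line interface".
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))')
MINER_NAME = "codec.exe"  # miner file name given in the article

# Constructed process-creation records (e.g. from EDR or Sysmon); all paths are made up.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'chrome.exe --load-extension="C:\Users\alice\AppData\Roaming\example-ext"'},
    {"image": r"C:\Users\alice\AppData\Roaming\example-dir\codec.exe",
     "cmdline": "codec.exe"},
    {"image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


def find_indicators(events):
    """Return (rule, detail) pairs for events matching either behaviour."""
    hits = []
    for ev in events:
        # ntpath parses Windows paths correctly on any operating system.
        name = ntpath.basename(ev["image"]).lower()
        if name == "chrome.exe":
            m = LOAD_EXT.search(ev["cmdline"])
            if m:
                # Report the extension directory so it can be inspected or removed.
                hits.append(("chrome-cmdline-extension", m.group(1) or m.group(2)))
        elif name == MINER_NAME:
            hits.append(("miner-file-name", ev["image"]))
    return hits


if __name__ == "__main__":
    for rule, detail in find_indicators(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

Neither rule is conclusive on its own: extension developers use the switch legitimately, and a file name is easy to change, so treat a hit as a reason to inspect the reported path.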

Source: Trend Micro Blog
