Trend Micro Inc., a Japanese multinational cybersecurity company founded in Los Angeles, published a report yesterday stating that it had found a new cryptocurrency-mining bot spreading through Facebook Messenger.
Digmine, as it was called, appears in the chat as a non-embedded video file. When the user opens the file, the so-called video downloads components from a remote server to install a Chrome extension. The extension then uses the user's personal Facebook data to send Digmine to the user's friends.
Digmine mines cryptocurrency in the background while infected users browse the Internet. The mining component, which appears on a PC as codec.exe, is a modified version of the open-source Monero miner XMRig. It remains in contact with the remote server while it generates Monero coins.
Digmine’s attack chain
According to Trend Micro, Digmine is spreading in many regions, including South Korea, Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela.