Written by: Damian Jennings
Date Posted: 5 January 2018

Crypto miners spam through Facebook Messenger.

It’s strange to me how this sort of thing is still a thing. But it is. Users of Facebook’s bloated and awful messenger were being tricked into letting crypto miners run on their machines.

Mining is very resource heavy. You need lots and lots of CPU cycles to solve the maths problems that allow you to mine. But, if you don’t want to invest in high end PCs nor pay for the ‘leccy needed to actually produce bitcoins legitimately, what are you to do?

Simple, remember back in the day all the popular viruses got spread with things pretending to be Anna Kournikova nudes? Guess what? The same thing still works today. Kinda.

Zipped files that purported to be a hilarious video file or something saucy are sent to users on Facebook’s popular, but awful, messenger service. However, when the unwitting clicked on the zip file, a Monero cryptocurrency mining bot under the name (oh so tempting) would be unleashed on the unsuspecting sap’s machine. And he or she would be pwned.

The clever people at the security firm Trend Micro were warning users about this. Well done them for finding it.

Digimine essentially installs a miner (i.e. miner.exe) which is a slightly modded version of the popular open source Monero miner called XMRig. It runs silently in the background, so the technically challenged wouldn’t even notice it running. Assuming they’re not monitoring CPU usage.

But wait, there’s more
But it doesn’t end there. The sneaky script also adds a malicious Chrome extension that autostarts and lets the baddies access your Facebook and send the same file to all your ‘friends’. They did this via the command line because Chrome *should* only let you install extensions from the Chrome Web Store.
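The two tells described above, a CPU-hungry XMRig-derived miner and a Chrome instance started from the command line with a side-loaded extension, are both visible in a process snapshot. The script below is an added example written for this post, not code from Trend Micro or from the malware itself. It triages a constructed process list; the CPU threshold, the Chrome `--load-extension` flag (the real flag for loading an unpacked extension from disk, assumed here to be the command-line route the post alludes to), and the XMRig traits it looks for (`stratum+tcp://` pool URLs, `--donate-level`) are assumptions about typical miner command lines rather than details taken from the post.

```python
"""Triage a process snapshot for Digmine-style artefacts:
a miner burning CPU and Chrome side-loading an extension from disk."""
import re
from typing import Dict, List

# Assumption: sustained CPU at or above this level is "mining-like" for this example.
CPU_THRESHOLD = 80.0
# Real XMRig traits: stratum pool URLs and the --donate-level flag; "xmrig" in the
# command line covers the unmodified binary name.
MINER_PATTERN = re.compile(r"stratum\+tcp://|--donate-level|xmrig", re.IGNORECASE)
# Chrome's --load-extension flag loads an unpacked extension from a local path,
# bypassing the Web Store entirely.
SIDELOAD_PATTERN = re.compile(r"--load-extension=\S+")


def classify(proc: Dict) -> List[str]:
    """Return the reasons a single process record looks suspicious (empty if clean)."""
    reasons = []
    cmd = proc.get("cmdline", "")
    name = proc.get("name", "").lower()
    # High CPU alone is not enough (video encoders are also CPU-hungry);
    # require a miner-style command line as well.
    if proc.get("cpu_percent", 0.0) >= CPU_THRESHOLD and MINER_PATTERN.search(cmd):
        reasons.append("miner-like command line with sustained high CPU")
    if "chrome" in name and SIDELOAD_PATTERN.search(cmd):
        reasons.append("Chrome started with --load-extension (bypasses Web Store)")
    return reasons


def triage(snapshot: List[Dict]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every suspicious process in the snapshot."""
    findings = {}
    for proc in snapshot:
        reasons = classify(proc)
        if reasons:
            findings[proc["pid"]] = reasons
    return findings


# Constructed sample snapshot; paths, pids and the pool host are made up for this example.
SAMPLE_SNAPSHOT = [
    {"pid": 1000, "name": "explorer.exe", "cpu_percent": 1.5,
     "cmdline": r"C:\Windows\explorer.exe"},
    {"pid": 4120, "name": "miner.exe", "cpu_percent": 97.0,
     "cmdline": r"C:\Users\victim\AppData\Local\Temp\miner.exe "
                r"-o stratum+tcp://pool.example:3333 -u WALLET_PLACEHOLDER --donate-level 0"},
    {"pid": 5312, "name": "chrome.exe", "cpu_percent": 3.0,
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r"--load-extension=C:\Users\victim\AppData\Local\Temp\ext"},
    {"pid": 6001, "name": "chrome.exe", "cpu_percent": 12.0,
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"pid": 7008, "name": "ffmpeg.exe", "cpu_percent": 95.0,
     "cmdline": "ffmpeg -i holiday.mp4 holiday.mkv"},  # legitimate CPU hog, must not be flagged
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_SNAPSHOT).items():
        print(pid, "->", "; ".join(reasons))
```

On a real Windows host the snapshot would come from the process list (for example the output of `wmic process get ProcessId,Name,CommandLine` joined with per-process CPU samples); the classification logic is the same. Note that the ffmpeg record is deliberately left unflagged: CPU usage on its own is a prompt to look, not a verdict.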

This only worked on the desktop version of messenger. Even the desperate didn’t think your phone’s CPU cycles were worth nicking.

It was first seen in South Korea but spread to Vietnam, Azerbaijan, Ukraine, Philippines, Thailand and Venezuela. But, because of Facebook’s global presence, it’s likely to spread even further.

It’s very common for spammers to use Facebook now, so if someone sends you something that is allegedly an awfully funny cat video in a zip file, don’t click it.
