Facebook Falls Victim to Crypto Mining Malware

Hackers have figured out a way to infiltrate Facebook Messenger to carry out their crypto mining work.

Perhaps it was only a matter of time before hackers trying to mine cryptos would set their sights on the world’s most popular social media platform to carry out their work.

That has now happened: according to reports, hackers have tapped Facebook Messenger as a means to mine the Monero digital currency. Reportedly, a crypto-mining bot is being spread through the app that takes control of Messenger accounts to mine the cryptocurrency.

This bot has been named Digmine and first surfaced in South Korea, according to Lenart Bermejo and Hsiao-Yu Shih, who first raised the alert about the malware infection. The pair said they’ve also seen Digmine spreading in other regions, such as Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela.

Furthermore, the pair said they believe that, given the way Digmine propagates, “It’s not far-off” from reaching other countries. What is troubling about this malware is its longevity. Trend Micro published a blog post about Digmine authored by the pair. In it, they wrote:

“[It’s meant to stay] in the victim’s system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income.”

Who’s at risk?

While Facebook Messenger works across different platforms, Digmine appears to affect only the desktop version of Messenger, and then it specifically targets Google’s Chrome web browser. It also appears that when the received file is opened on other platforms, such as on a mobile phone, the malware “will not work as intended,” according to the blog post.

The post explains that Digmine is sent as what appears to be a video file. If the user’s Facebook account is set to log in automatically, Digmine manipulates Facebook Messenger in order to send a link to the file to the account’s friends.

“The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.”

To protect themselves from being infiltrated by this particular malware, Facebook users should be on the lookout for the following domain names and avoid clicking on links that contain them:

  • thisaworkstation.space
  • mybigthink.space
  • thisdayfunnyday.space

Facebook responds…sort of

In response to this malware that is threatening its platform, Facebook said it maintains a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger.

Other than that, it does not seem to be offering much assistance when it comes to Digmine at this point. A spokesperson told The Telegraph:

"If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners. We share tips on how to stay secure and links to these scanners on facebook.com/help."