Blockchain News
Monero Mining Botnet Infests Facebook Messenger as Mining Craze
As previously covered by Core Media, The Pirate Bay’s Monero mining botnet experiment, in which the torrent index started using JavaScript code to mine Monero using visitors’ CPUs, saw a Monero mining craze begin, using that same code. Its latest infected victim was oil pipeline giant Transneft.
According to cybersecurity firm Trend Micro, the Monero mining craze has now reached Facebook users. Security experts report that a cryptocurrency mining bot is spreading via Facebook Messenger, in the Google Chrome browser for desktop. Dubbed Digmine, it was first seen in South Korea but has already spread to various countries including Venezuela, Ukraine, and Vietnam. Given how fast it’s spreading, it’ll likely show up in other regions soon.
Digmine essentially masquerades as a link to a non-embedded video file that, in reality, is an executable script. Once the file is clicked on, the script downloads components from a server so it can install a Chrome extension to mine Monero. It then either streams a bogus video or manipulates the person’s account to send its link to their Facebook friends – if their account is set to log in automatically.
26
Core Magazine
The researchers wrote:
“A known modus operandi of cryptocurrency-mining botnets, and particularly for Digmine (which mines Monero), is to stay in the victim’s system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income.”
Interestingly, Digmine only works on Chrome, and on desktops. If the victim clicks on the link using another browser or a mobile device, it won’t work as intended.