New Cryptomining Malware Spreading Through Facebook Messenger

DooKey

The good folks at Trend Micro have discovered a new cryptomining bot in the wild and it spreads through Facebook Messenger. The good news is this one won't melt down your phone or tablet and the bad news is it will infect your Chrome web browser on your desktop. If you get a video file through FM, and don't know where it's from, you might have received this critter.

Digmine is coded in AutoIt, and sent to would-be victims posing as a video file but is actually an AutoIt executable script. If the user’s Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the account’s friends. The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.
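A defender-side check for the masquerade described in the quoted text, added here as an example and not part of the original post or of Trend Micro's write-up: it compares what a file name claims against the content's magic bytes. The file names, the sample bytes and the use of the `AU3!EA06` marker as a heuristic for compiled AutoIt scripts are assumptions of this example.

```python
import struct

VIDEO_EXTS = {"mp4", "avi", "mkv", "mov", "wmv"}
# Marker commonly present in compiled AutoIt v3 scripts; a heuristic only.
AUTOIT_MARKER = b"AU3!EA06"


def sniff(data: bytes) -> str:
    """Classify content by magic bytes, ignoring the file name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "autoit-exe" if AUTOIT_MARKER in data else "pe-exe"
    if data[4:8] == b"ftyp":
        return "video"  # MP4 / MOV family
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "video"
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "video"  # Matroska / WebM
    return "unknown"


def claims_video(name: str) -> bool:
    """True if any extension is a video one, so clip.mp4.exe also counts."""
    return any(part in VIDEO_EXTS for part in name.lower().split(".")[1:])


def verdict(name: str, data: bytes) -> str:
    kind = sniff(data)
    if claims_video(name) and kind in ("pe-exe", "autoit-exe"):
        return "BLOCK: executable posing as video (" + kind + ")"
    if claims_video(name) and kind != "video":
        return "REVIEW: video name, unrecognised content"
    return "ok"


def fake_pe(extra: bytes = b"") -> bytes:
    """Constructed sample: bare MZ/PE header bytes, not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + b"\0" * 20 + extra


SAMPLES = {  # constructed inputs, not real indicators
    "clip_0001.mp4.exe": fake_pe(AUTOIT_MARKER),
    "holiday.mp4": b"\0\0\0\x18ftypmp42" + b"\0" * 16,
    "clip.avi": fake_pe(),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", verdict(name, data))
```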
 