Security researchers at the cyber security firm Trend Micro said “Digmine” is targeting as many machines as possible in order to earn Monero for its creators.
Dubbed Digmine, the Monero cryptocurrency-mining bot is disguised as a non-embedded video file named video_xxxx.zip (as shown in the screenshot), but it actually contains an AutoIt executable script. While Facebook Messenger runs on a number of different platforms, the script will only run properly on one of them: the Chrome web application running on a Windows system.
If you receive a video file (packed in a zip archive) sent by anyone, including your friends, on Facebook Messenger, just don’t click on it.
If the user’s Facebook account is set to log in automatically, the malware accesses it to send direct messages. Trend said the malware is capable of receiving updates that could see it hijack users’ Facebook accounts.
What to do?
You can probably spot Digmine gaining access to your Chrome browser and the system. If you clicked an unknown video link, the malware would restart Chrome as it installs a Chrome extension. The extension could display a fake Facebook login page or a web page with a video stream while using your machine to mine cryptocoins.
If you notice that your PC is slowing down and the fan speed has increased, you should immediately look for any fishy extension in the browser and remove it. You can also run a deep scan of your system if you think it’s affected.
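One way to review what is installed in a Chrome profile on Windows, as an added example (not code from this article or from Trend Micro): it reads each extension's manifest.json and flags entries that declare no Chrome Web Store update URL or that request access to every site. The profile path assumes the "Default" Chrome profile, the two flags are generic review heuristics rather than Digmine indicators, and the sample manifests are constructed.

```python
import json, os, tempfile
from pathlib import Path
from urllib.parse import urlparse

# Assumption: the "Default" Chrome profile on Windows.
DEFAULT_DIR = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Extensions"
WEBSTORE_HOST = "clients2.google.com"  # update host declared by Web Store installs
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def review_extensions(extensions_dir):
    """Return (id, version, name, flags) for each <id>/<version>/manifest.json."""
    results = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id, version = path.parts[-3], path.parts[-2]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            results.append((ext_id, version, "?", ["unreadable manifest"]))
            continue
        flags = []
        if urlparse(str(manifest.get("update_url", ""))).hostname != WEBSTORE_HOST:
            flags.append("no Chrome Web Store update URL")
        # Host patterns can appear in three places depending on manifest version.
        hosts = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
        for script in manifest.get("content_scripts", []):
            hosts += script.get("matches", [])
        if BROAD_HOSTS & {h for h in hosts if isinstance(h, str)}:
            flags.append("can read or change data on all sites")
        # The name may be a localisation key such as "__MSG_appName__".
        results.append((ext_id, version, manifest.get("name", "?"), flags))
    return results

def build_constructed_sample(root):
    """Write two constructed manifests (not real extensions) for a dry run."""
    samples = {
        "a" * 32 + "/1.0_0": {"name": "Constructed store extension", "permissions": ["storage"],
                              "update_url": "https://clients2.google.com/service/update2/crx"},
        "b" * 32 + "/0.1_0": {"name": "Constructed sideloaded extension",
                              "permissions": ["tabs", "<all_urls>"]},
    }
    for rel, manifest in samples.items():
        target = Path(root) / rel
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return Path(root)

if __name__ == "__main__":
    target = DEFAULT_DIR if DEFAULT_DIR.is_dir() else build_constructed_sample(tempfile.mkdtemp())
    for ext_id, version, name, flags in review_extensions(target):
        print(f"{ext_id} {version} {name!r}: {', '.join(flags) or 'no flags'}")
```

A flag is a reason to look at the extension more closely, not a verdict. Extensions loaded from a folder outside the profile directory are not listed here, so also compare the output with the chrome://extensions page.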
There are a few things you should take care of. For instance, you shouldn’t leave your account logged in all the time, check your Facebook account’s privacy settings, think before opening and sharing a file, make sure your password is hard enough to guess, turn on two-factor authentication, etc.