The virus is installed via the Chrome browser.
Trend Micro has recorded a new campaign in which criminals distribute a Monero cryptocurrency miner called Digminer through the Facebook Messenger instant messaging app.
The campaign is reported to target users in Ukraine, Azerbaijan, Vietnam, South Korea, the Philippines, Thailand and Venezuela.
The malicious program is disguised as a video file named video_xxxx.zip, where xxxx is a random set of numbers. Many users noticed this week that it arrived in their personal messages. The archive contains the Digminer malware.
According to experts, Digminer only affects the desktop version of Facebook Messenger in Chrome. If the file is opened in the mobile version of the messenger, the virus does not work.
Once on the computer, Digminer contacts a server, from which it downloads and installs a cryptocurrency miner and a Chrome extension. It then activates AutoPlay. While the miner mines cryptocurrency, the extension sends out messages carrying the virus from the victim's account.
This scheme works only if the browser has saved credentials for logging in to the Facebook account. Otherwise the extension cannot access the Messenger interface and send spam.
Chrome extensions can be downloaded only from the official Chrome Web Store, but the attackers have bypassed this restriction. To install the malicious extension, they load it via the command line.
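A defender-side check for the two observables described above, the video_xxxx.zip lure name and an extension loaded from the command line instead of the Chrome Web Store. This is an added example, not code from Trend Micro or from the article. It assumes the command-line load uses Chromium's `--load-extension` switch (the article does not name the switch), and the event field names and sample events are constructed.

```python
import re
from pathlib import PureWindowsPath

# Lure name from the article: video_xxxx.zip, where xxxx is a run of digits.
LURE_RE = re.compile(r"video_\d+\.zip", re.IGNORECASE)
# Assumption: Chromium's --load-extension switch, which loads unpacked
# extension directories from disk without going through the Web Store.
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)

def sideloaded_extensions(event):
    """Return extension directories passed to chrome.exe on its command line."""
    image = event.get("image", "")
    if PureWindowsPath(image).name.lower() != "chrome.exe":
        return []
    dirs = []
    for quoted, bare in LOAD_EXT_RE.findall(event.get("command_line", "")):
        # The switch takes a comma-separated list of directories.
        dirs.extend(p for p in (quoted or bare).split(",") if p)
    return dirs

def triage(events):
    """Return (finding, host, detail) tuples for lure files and sideloads."""
    findings = []
    for ev in events:
        name = PureWindowsPath(ev.get("file", "")).name
        if LURE_RE.fullmatch(name):
            findings.append(("lure-archive", ev["host"], name))
        for ext_dir in sideloaded_extensions(ev):
            findings.append(("sideloaded-extension", ev["host"], ext_dir))
    return findings

CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
# Constructed file-creation and process-creation events, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-01", "file": r"C:\Users\alice\Downloads\video_4821.zip"},
    {"host": "ws-01", "image": CHROME,
     "command_line": '"' + CHROME + '"'
     + r' --load-extension="C:\Users\alice\AppData\Roaming\ext dir" --no-first-run'},
    {"host": "ws-02", "image": CHROME,
     "command_line": '"' + CHROME + '" --profile-directory=Default'},
    {"host": "ws-02", "file": r"C:\Users\bob\Downloads\video_notes.zip"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Developers also use this switch to test unpacked extensions, so a hit on a non-developer workstation is the signal worth following up.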
So far the campaign has affected only Windows users. Trend Micro has informed Facebook about the issue, and the company has removed the malicious links from messages. However, according to experts, this has not solved the problem for good: the attackers can change how the malware is distributed and launch a new campaign.