If you receive a message from your friend via Facebook with an attachment labelled ‘video_xxxx.zip’, do not click it.
If the name of the file weren’t already enough to tip you off, here’s what it really is. Digmine is a cryptocurrency-mining malware that, once accessed via your desktop computer, can spread itself across your Facebook contacts list.
Digging deep into Digmine
In a blog post dated December 21, Trend Micro talked about the malicious bot, which was first spotted in South Korea:
We named this Digmine based on the moniker (비트코인 채굴기 bot) it was referred to in a report of recent related incidents in South Korea.
According to the cybersecurity firm, Digmine has already reached Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. Trend Micro also warns that it could very well reach other countries in a short period of time.
With the recent wave of interest in the cryptocurrency market, drive-by cryptomining has become increasingly popular. Drive-by cryptomining involves using the CPUs of website visitors in mining digital coins. The Digmine malware specifically targets Monero, a particular type of cryptocurrency.
Digmine presents itself in the guise of the aforementioned attachment. It infects your system using Google Chrome and a malicious browser extension as soon as you open it. Normally, Chrome extensions must be downloaded from the Web Store before they can be installed. The hackers behind Digmine bypass this requirement by going through the command line. The extension in question also uses your Facebook account to spread Digmine to all your friends through Messenger.
Once Digmine finds its way to your system, it installs a modified version of the Monero mining tool XMRig. Afterwards, it immediately begins its covert cryptomining operation.
Source: Trend Micro
While still advised to be cautious, Facebook users can breathe a sigh of relief. According to Trend Micro, the extent of Facebook abuse that Digmine’s perpetrators have exhibited seems limited to just spreading the malware. It isn’t so far-fetched, though, to think that these hackers may go all the way and hack their way to Facebook users’ sensitive information. Plus, it looks like Digmine only works when you’re on a desktop PC. Mobile users appear to be safe from this malicious file, even when they open it via the Messenger app.
Still, an ounce of prevention is worth a pound of cure. And, well, if your first instinct upon seeing a file attachment named ‘video_xxxx.zip’ is to click on it, there are probably a few things you’d want to sit down and think about for a bit.