Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Tech
News18 » Tech
1-min read

New Malware Spreading Fast Via Facebook Messenger: Report

A cryptocurrency-mining bot, named "Digmine", that was first observed in South Korea, is spreading fast through Facebook Messenger across the world.

IANS

Updated:December 26, 2017, 10:03 AM IST
facebookTwitterskypewhatsapp
New Malware Spreading Fast Via Facebook Messenger: Report
Facebook Messenger Receives WhatsApp-Like Quote And Reply Feature (Image courtesy: AP, photo for representation)
Loading...

A new cryptocurrency-mining bot, named "Digmine", that was first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cybersecurity major Trend Micro has warned. After South Korea, it has since spread in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela. It is likely to reach other countries soon, given the way it propagates.

Facebook Messenger works across different platforms but "Digmine" only affects the Messenger's desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blog post. "Digmine" is coded in AutoIt and sent to would-be victims posing as a video file but is actually an AutoIt executable script.

If the user's Facebook account is set to log in automatically, "Digmine" will manipulate Facebook Messenger in order to send a link to the file to the account's friends. The abuse of Facebook is limited to propagation for now, but it wouldn't be implausible for attackers to hijack the Facebook account itself down the line. This functionality's code is pushed from the command-and-control (C&C) server, which means it can be updated.

A known modus operandi of cryptocurrency-mining botnets and particularly for "Digmine" (which mines Monero), is to stay in the victim's system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income, the blog post stated. The malware will also perform other routines such as installing a registry autostart mechanism as well as system infection marker. It will search and launch Chrome then load a malicious browser extension that it retrieves from the C&C server.

If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded. While extensions can only be loaded and hosted from the Chrome Web Store, the attackers bypassed this by launching Chrome via command line.

Watch: Tech and Auto Show | Ep 24 | Honor 7X, TVS Apache RR 310, Volvo XC60 & More

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Subscribe to Moneycontrol Pro and gain access to curated markets data, trading recommendations, equity analysis, investment ideas, insights from market gurus and much more. Get Moneycontrol PRO for 1 year at price of 3 months. Use code FREEDOM.

| Edited by: ---
Read full article
Loading...
Next Story
Next Story

Also Watch

facebookTwitterskypewhatsapp

Live TV

Loading...
Countdown To Elections Results
To Assembly Elections 2018 Results