Digmine cryptocurrency botnet spreading through Facebook Messenger
Facebook Messenger is the launching pad for a new Monero-cryptocurrency mining bot called Digmine that so far is hitting only a small sampling of nations around the world.
Trend Micro is reporting that Digmine, which is written in AutoIt, poses as a video file but is actually an AutoIt executable script. When it comes across a Facebook account that is set to log the user in automatically, Digmine is able to co-opt Messenger to send the malware to the account owner's friend list. The fact that the miner is controlled from a command-and-control server means its authors or distributors can update it at will, potentially making it more dangerous in the future.
“The abuse of Facebook is limited to propagation for now, but it wouldn't be implausible for attackers to hijack the Facebook account itself down the line,” said Lenart Bermejo and Hsiao-Yu Shih.