Not a joke: Facebook Messenger has new malware!



2017: This year cyber crime has become a harvest season. There have been several major malware and ransomware attacks, and new techniques for carrying them out are constantly being created. Attackers are slipping past existing security measures with ease, causing damaging malware outbreaks around the globe.

Against that background, Tokyo-based cyber security firm Trend Micro warns that a new cryptocurrency-mining (Monero) bot, which it calls Digmine, was first seen in South Korea and is now spreading rapidly through Facebook Messenger. After South Korea, the bot has reached Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. If this continues, it will not take long to reach other countries.

Although Facebook Messenger runs on several platforms, Digmine only affects the desktop/web-browser version of Messenger, and only in Google Chrome. According to the Trend Micro blog, if the file is opened on any other platform it does not work as intended. Digmine is written in AutoIt and is sent to the chosen victims as what looks like a video file; it is not a video at all, but a compiled AutoIt executable script.
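The lure works only because the file looks like a video while its content is a compiled AutoIt executable (or an archive wrapping one). A content-based check catches that regardless of what the file is named. The following Python is an added example, not code from the Trend Micro write-up or from the malware; the sample files and their names are constructed stand-ins, and the `AU3!EA06` marker is the signature commonly used by YARA rules to recognise compiled AutoIt3 scripts, assumed here rather than taken from the page.

```python
import io
import zipfile

# Extensions a "video" attachment would plausibly carry.
VIDEO_EXTENSIONS = {"mp4", "avi", "mkv", "webm", "mov", "wmv"}

# Marker present in compiled AutoIt3 scripts. Assumption for this example:
# the "AU3!EA06" signature that YARA rules commonly match for AutoIt binaries.
AUTOIT_MARKER = b"AU3!EA06"

# Refuse to inflate huge archive members (decompression-bomb guard).
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def looks_like_video(data: bytes) -> bool:
    """True if the bytes open with a real video-container signature."""
    return (
        data[4:8] == b"ftyp"                                      # MP4 / MOV (ISO BMFF)
        or data.startswith(b"\x1a\x45\xdf\xa3")                   # Matroska / WebM (EBML)
        or (data.startswith(b"RIFF") and data[8:12] == b"AVI ")   # AVI (RIFF)
    )


def classify_content(data: bytes) -> str:
    """Classify by magic bytes, descending one level into ZIP archives."""
    if data.startswith(b"MZ"):
        return "compiled_autoit" if AUTOIT_MARKER in data else "pe_executable"
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > MAX_MEMBER_BYTES:
                        return "zip_member_too_large"
                    with zf.open(info) as member:
                        inner = classify_content(member.read())
                    if inner in ("pe_executable", "compiled_autoit"):
                        return "zip_containing_" + inner
        except zipfile.BadZipFile:
            return "corrupt_zip"
        return "zip"
    if looks_like_video(data):
        return "video"
    return "unknown"


def claims_to_be_video(filename: str) -> bool:
    """The name promises a video: a video extension anywhere in the name
    (double extensions such as clip.mp4.exe included) or a video_* prefix."""
    lower = filename.lower()
    suffixes = lower.split(".")[1:]
    return lower.startswith("video") or any(s in VIDEO_EXTENSIONS for s in suffixes)


def is_disguised_executable(filename: str, data: bytes) -> bool:
    """Name promises a video, content is (or wraps) a Windows executable."""
    verdict = classify_content(data)
    return claims_to_be_video(filename) and (
        verdict in ("pe_executable", "compiled_autoit") or verdict.startswith("zip_containing_")
    )


# ---- constructed samples (stand-ins, not real Digmine files) ----------------
def fake_pe(with_autoit_marker: bool) -> bytes:
    # A DOS "MZ" stub plus filler; enough for the magic-byte check, not a valid PE.
    body = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n"
    return body + (b"\x00" * 16 + AUTOIT_MARKER if with_autoit_marker else b"")


def fake_zip(member_name: str, member_data: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, member_data)
    return buf.getvalue()


SAMPLES = {
    "video_1234.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 32,   # genuine MP4 header
    "video_4321.zip": fake_zip("video_4321.exe", fake_pe(True)),   # Digmine-style lure
    "holiday.mp4.exe": fake_pe(False),                             # double extension
}


def scan(samples: dict) -> dict:
    """Map file name -> (verdict, disguised?) for every sample."""
    return {name: (classify_content(data), is_disguised_executable(name, data))
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, (verdict, disguised) in scan(SAMPLES).items():
        print(f"{name:18} {verdict:32} {'DISGUISED' if disguised else 'ok'}")
```

The check deliberately trusts bytes over names: the MP4 sample passes, the ZIP wrapping an "MZ" blob with the AutoIt marker and the double-extension file are both flagged. The archive member size cap keeps a hostile ZIP from exhausting memory during the scan.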

In addition, if the victim's Facebook account is set to log in automatically, Digmine uses that account to send a link to the file to the victim's friends over Facebook Messenger. For now Facebook is used only for propagation, but it would not be surprising if the attackers moved on to taking over the Facebook account itself: the code is pushed from the command-and-control (C&C) server, so the attackers can change its behaviour at any time.

Digmine and other cryptocurrency-mining botnets are built to squeeze as much as possible out of their victims' computers, so the malware is designed to spread to as many machines as it can: as the blog notes, the more machines mining, the higher the hash rate and the higher the criminals' income. Beyond propagation, the malware installs a registry autostart mechanism and a system infection marker. It then launches Chrome on the system and loads a malicious browser extension retrieved from the C&C server.

If Chrome is already running, the malware terminates it and launches Chrome again to make sure the extension is loaded. Normally Chrome extensions can only be installed from the Chrome Web Store, but the attackers bypass that restriction by launching Chrome from the command line with the malicious extension already loaded.
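Two of the host-side behaviours described above leave footprints that are easy to check for: a Chrome process whose command line carries `--load-extension` (the switch Chrome provides for side-loading an unpacked extension from a directory; the page only says "via command line", so naming this flag is an assumption here), and an autostart value under the Run key that starts a program from a user-writable directory. The script below is an added example, not code from Trend Micro or from the page. Its process list and Run-key values are constructed to resemble `Get-CimInstance Win32_Process` output and the `HKCU:\Software\Microsoft\Windows\CurrentVersion\Run` key; all PIDs, paths and value names are hypothetical.

```python
import re

# Chrome's switch for side-loading an unpacked extension from a directory.
# Assumption: the page says only "via command line"; this is the flag Chrome
# provides for that, and it takes a comma-separated list of directories.
LOAD_EXTENSION_RE = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Directories an ordinary user can write to; an autostart entry or an
# extension living here deserves a second look.
USER_WRITABLE_MARKERS = (
    r"\appdata\roaming", r"\appdata\local\temp", r"\users\public", r"\programdata",
)


def extension_paths(cmdline: str) -> list:
    """Directories passed to --load-extension, or [] when the flag is absent."""
    m = LOAD_EXTENSION_RE.search(cmdline)
    if not m:
        return []
    return (m.group(1) or m.group(2)).split(",")


def in_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def find_sideloaded_chrome(processes: list) -> list:
    """Chrome processes started with --load-extension (the relaunch described above)."""
    findings = []
    for proc in processes:
        if proc["name"].lower() != "chrome.exe":
            continue
        for ext_dir in extension_paths(proc["cmdline"]):
            findings.append({
                "pid": proc["pid"],
                "extension_dir": ext_dir,
                "user_writable": in_user_writable_dir(ext_dir),
            })
    return findings


def find_suspicious_run_entries(run_values: dict) -> list:
    """Run-key values that side-load an extension or start from a user-writable path."""
    findings = []
    for value_name, command in run_values.items():
        reasons = []
        if LOAD_EXTENSION_RE.search(command):
            reasons.append("relaunches Chrome with --load-extension")
        if in_user_writable_dir(command):
            reasons.append("starts a program from a user-writable directory")
        if reasons:
            findings.append({"value": value_name, "command": command, "reasons": reasons})
    return findings


# ---- constructed host snapshot (hypothetical PIDs, paths and value names) ---
PROCESSES = [
    {"pid": 4120, "name": "chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r'--load-extension="C:\Users\alice\AppData\Roaming\svc\ext" https://www.facebook.com/'},
    {"pid": 5200, "name": "chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer'},
    {"pid": 6010, "name": "explorer.exe", "cmdline": r"C:\Windows\explorer.exe"},
]

RUN_VALUES = {
    "GoogleUpdate": r'"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c',
    "codec": r'"C:\Users\alice\AppData\Roaming\svc\codec.exe"',
    "chrome": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
              r'--load-extension="C:\Users\alice\AppData\Roaming\svc\ext"',
}

if __name__ == "__main__":
    for f in find_sideloaded_chrome(PROCESSES):
        print("chrome pid %d side-loads %s (user-writable: %s)"
              % (f["pid"], f["extension_dir"], f["user_writable"]))
    for f in find_suspicious_run_entries(RUN_VALUES):
        print("Run\\%s: %s -> %s" % (f["value"], f["command"], "; ".join(f["reasons"])))
```

On a live Windows host the two inputs come from `Get-CimInstance Win32_Process | Select-Object ProcessId, Name, CommandLine` and `Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'` (plus the HKLM counterpart), exported with `ConvertTo-Json` and loaded into the same shapes. A developer who side-loads an extension on purpose will also trip the first check, so treat a hit as a lead to examine the extension directory, not as a verdict on its own.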