Cryptocurrency-Mining Malware Spreads via Facebook

Drive-by crypto mining is becoming widespread, though not in a welcome sense, whether sites adopt it by choice or are compromised. The rising price and popularity of cryptocurrencies have led many websites to stealthily mine Monero using visitors' CPUs. But this newly discovered mining malware is even more harmful, as it is being spread through Facebook Messenger.

Cybersecurity firm Trend Micro initially discovered the bot, which it has named Digmine, in South Korea. It has since been found in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela.

How does this Facebook virus spread?

Victims receive a file named 'video_xxxx.zip' from one of their Facebook Messenger contacts. Opening it launches Chrome together with a malicious browser extension. Normally, extensions can only be installed from the Chrome Web Store, but this restriction is bypassed by starting Chrome from the command line with the extension loaded directly from disk. Tip: use a reputable browser hijacker removal tool to secure your data.

Once the malware is on the system, a modified version of XMRig, a Monero mining tool, is installed. It then mines the cryptocurrency in the background using the victim's CPU and sends all profits to the attackers.

To make matters worse, the malicious code served from the attacker's server can also steal account credentials for websites such as Google and cryptocurrency sites, redirect victims to cryptocurrency scams, inject miners into the web pages they visit, and redirect victims to the attacker's referral link for cryptocurrency-related referral programs.

How Does the Malware Work?

Once installed, the malicious Chrome extension connects to the command-and-control (C&C) server and downloads further modules to perform various malicious tasks.

“This malware is a replica of a normal Chrome extension but injected with short code containing its main routine. It also tries to target additional JavaScript code from the C&C server when the browser is opened,” the researchers said.

“Every time a new web page is opened by the victim, this Facebook malware will connect to its C&C server to find and retrieve another JavaScript code (hosted on a GitHub repository) and execute its behaviors on that webpage.”

Because the extension requests permissions for all sites at installation time, the crypto-mining malware can access or modify data on any website the user opens.

Below is a brief outline of what the malware can do:

To spread further, the crypto-mining malware requests an access token for the victim's Facebook account, uses it to retrieve the victim's friend list, and automatically sends those friends a malicious message containing a fake YouTube video link.

Once established on the victim's computer, it watches for the login pages of targeted websites and steals the user's account credentials for Google, MyMonero, and Coinhive when the victim opens one of them.

The malware also injects a cryptocurrency miner into every web page the victim opens, using the victim computer's CPU power to mine cryptocurrency for the attackers. Use a reputable free anti-malware tool to rid your computer of such malware.
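As an added example (not code from the original article, and not Trend Micro's), here is a small Python triage script that applies two of the behaviours described above to process-creation events: Chrome launched from the command line with a sideloaded extension (the Chrome Web Store bypass) and a miner such as XMRig being spawned by the browser. The `parent|image|command line` event format, the sample command lines, the paths and the wallet value are constructed; the Chrome switches `--load-extension` and `--disable-extensions-except` are real switches.

```python
"""Triage helper for the Digmine-style behaviour described above.

Added example with constructed sample data. Flags process-creation events
where Chrome was started with an extension sideloaded from disk, and where a
cryptominer process runs, especially one spawned by the browser.
"""
import re
from dataclasses import dataclass
from typing import List

# Real Chrome switches that load an unpacked extension without the Web Store.
SIDELOAD_SWITCH = re.compile(
    r'--(?:load-extension|disable-extensions-except)=(?:"([^"]+)"|(\S+))'
)
# Mining-pool URL scheme used by XMRig-style miners.
STRATUM_URL = re.compile(r"stratum\+(?:tcp|ssl)://", re.IGNORECASE)
MINER_IMAGES = {"xmrig.exe", "xmrig", "minerd.exe", "cpuminer.exe"}
# Processes that normally launch Chrome on a Windows desktop.
EXPECTED_CHROME_PARENTS = {"explorer.exe", "chrome.exe"}


@dataclass
class Finding:
    event_index: int
    rule: str
    detail: str


# Constructed sample events, one per line, as "parent image|image|command line".
SAMPLE_EVENTS = [
    r'explorer.exe|chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default',
    r'video_xxxx.exe|chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=C:\Users\victim\AppData\Local\Temp\ext --disable-extensions-except=C:\Users\victim\AppData\Local\Temp\ext',
    r'chrome.exe|xmrig.exe|C:\Users\victim\AppData\Local\Temp\xmrig.exe -o stratum+tcp://pool.invalid:3333 -u WALLET_PLACEHOLDER -p x',
    r'explorer.exe|chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension="C:\Users\victim\Dev\my extension"',
    r'explorer.exe|notepad.exe|C:\Windows\notepad.exe',
]


def parse_event(line: str):
    """Split a constructed event line into (parent, image, command line)."""
    parent, image, cmdline = line.split("|", 2)
    return parent.strip().lower(), image.strip().lower(), cmdline


def sideloaded_extension_dirs(cmdline: str) -> List[str]:
    """Return the extension directories named by sideloading switches, in order."""
    dirs: List[str] = []
    for quoted, bare in SIDELOAD_SWITCH.findall(cmdline):
        path = quoted or bare
        if path not in dirs:
            dirs.append(path)
    return dirs


def analyse(events: List[str]) -> List[Finding]:
    """Apply the sideloading and miner rules to every event."""
    findings: List[Finding] = []
    for idx, line in enumerate(events):
        parent, image, cmdline = parse_event(line)
        if image in ("chrome.exe", "chrome"):
            dirs = sideloaded_extension_dirs(cmdline)
            if dirs:
                findings.append(Finding(idx, "chrome_sideloaded_extension", ";".join(dirs)))
                # A dropper launching Chrome is far more suspicious than the shell doing so.
                if parent not in EXPECTED_CHROME_PARENTS:
                    findings.append(Finding(idx, "chrome_unusual_parent", parent))
        if image in MINER_IMAGES or STRATUM_URL.search(cmdline):
            rule = "miner_spawned_by_browser" if parent in ("chrome.exe", "chrome") else "cryptominer_process"
            findings.append(Finding(idx, rule, image))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"event {f.event_index}: {f.rule} ({f.detail})")
```

In practice the event list would be fed from EDR or Sysmon process-creation telemetry rendered into the same three-field form; the unquoted-path branch of the regex stops at the first space, so command lines with spaces in the extension path must carry the quotes Windows would normally supply.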

Our recommendation

There are many free and paid anti-malware programs online to choose from. A free version will typically scan for and detect a limited range of malware, whereas a paid version cleans and optimizes your computer fully.

Our free tool, Malware Crusher, removes common threats from your Windows PC and makes sure that infected Windows resources are replaced with safe versions. It deep-scans your PC for any malicious program that might have got in and also helps detect suspicious behaviour on your computer. It removes all malicious and infected files from your PC and keeps a record of the malicious programs deleted, so you can choose which essential programs to restore at a later time.
