Being immensely popular, Facebook hosts the largest number of technology-challenged people on the planet, making it an easy platform for disseminating malware. According to The Independent, security researchers at Trend Micro have discovered malware that infects Facebook Messenger with a cryptocurrency mining bot. The bot, dubbed Digimine, uses the victim's CPU in the background to mine Monero.
The malware is disguised as a video file named video_xxxx.zip, sent by someone in the user's contacts list whose machine has already been compromised. It is activated only via the desktop version of Messenger on Google Chrome and does not affect mobile versions.
The Digimine bot primarily installs a cryptocurrency miner called miner.exe, which is a modified version of a Monero miner known as XMRig. This malicious software mines the Monero cryptocurrency in the background, sending the profits to hackers.
The bot also installs a backdoor: an auto-start mechanism that launches Chrome with a malicious extension. The extension allows the attackers to access the user's Facebook profile and send the malicious video file to the user's contacts, spreading the malware even further.
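For defenders, the three indicators named above (the video_xxxx.zip lure, miner.exe, and Chrome started with an extension) are more reliable when correlated per host than when matched alone. The Python below is an added example, not code from Trend Micro or the original article. The event records are constructed, "xxxx" is treated as any run of characters, and it assumes the extension is side-loaded with Chrome's `--load-extension` switch, which the article does not state.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample events (not real telemetry): file writes and process starts.
EVENTS = [
    {"type": "file", "host": "ws1", "path": r"C:\Users\ann\Downloads\video_1234.zip"},
    {"type": "proc", "host": "ws1", "image": r"C:\Users\ann\AppData\Roaming\svc\miner.exe",
     "cmdline": "miner.exe"},
    {"type": "proc", "host": "ws1", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'chrome.exe --load-extension="C:\Users\ann\AppData\Roaming\svc\ext"'},
    {"type": "proc", "host": "ws2", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": "chrome.exe"},
    {"type": "file", "host": "ws2", "path": r"C:\Users\bob\Videos\video_trip.mp4"},
    {"type": "proc", "host": "ws3", "image": r"D:\tools\miner.exe", "cmdline": "miner.exe"},
]
LURE = re.compile(r"^video_.+\.zip$", re.IGNORECASE)  # "xxxx" taken as any characters

def classify(event):
    """Return an indicator label for one event, or None if it matches nothing."""
    if event["type"] == "file":
        return "lure_archive" if LURE.match(basename(event["path"])) else None
    name = basename(event["image"]).lower()
    if name == "miner.exe":
        return "miner_process"  # weak on its own: a file name is trivially changed
    # Assumption: the extension is side-loaded via Chrome's --load-extension switch.
    if name == "chrome.exe" and "--load-extension" in event["cmdline"].lower():
        return "chrome_sideloaded_extension"
    return None

def triage(events):
    """Map each host to the sorted list of distinct indicators seen on it."""
    hits = defaultdict(set)
    for event in events:
        label = classify(event)
        if label:
            hits[event["host"]].add(label)
    return {host: sorted(labels) for host, labels in hits.items()}

def hosts_to_investigate(events, min_hits=2):
    """Hosts showing at least min_hits distinct indicators (a correlated chain)."""
    return sorted(h for h, labels in triage(events).items() if len(labels) >= min_hits)

if __name__ == "__main__":
    print(triage(EVENTS))
    print("investigate:", hosts_to_investigate(EVENTS))
```

Requiring two distinct indicators keeps a host that merely runs something named miner.exe (ws3 in the sample) out of the investigation list while still recording the hit.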