
December 26, 2017 Tuesday 04:50:24 PM IST

New malware spreading fast via FB Messenger

San Francisco: It will be better to uninstall your Facebook Messenger before the year end to get rid of the imminent malware threat. A new cryptocurrency-mining bot, named "Digmine", that was first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cybersecurity major Trend Micro has warned.

After South Korea, it has since spread in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela. It is likely to reach other countries soon, given the way it propagates.

Facebook Messenger works across different platforms but "Digmine" only affects the Messenger's desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blogpost.

"Digmine" is coded in AutoIt and sent to would-be victims as what appears to be a video file but is actually an AutoIt executable script. If the user's Facebook account is set to log in automatically, "Digmine" will manipulate Facebook Messenger in order to send a link to the file to the account's friends.


The abuse of Facebook is limited to propagation for now, but it wouldn't be implausible for attackers to hijack the Facebook account itself down the line. This functionality's code is pushed from the command-and-control (C&C) server, which means it can be updated.

A known modus operandi of cryptocurrency-mining botnets, and of "Digmine" (which mines Monero) in particular, is to stay in the victim's system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income, the blogpost stated.

The malware will also perform other routines such as installing a registry autostart mechanism as well as a system-infection marker. It will search for and launch Chrome, then load a malicious browser extension that it retrieves from the C&C server.

If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded. While extensions can normally only be installed from the Chrome Web Store, the attackers bypassed this by launching Chrome via the command line.
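The two host-level behaviours described above (a registry autostart entry, and Chrome being killed and relaunched from the command line so that a sideloaded extension gets picked up) are both visible in ordinary endpoint telemetry. The following is an added example, not code from the article or from Trend Micro, of a small hunting script over such telemetry. It assumes a JSON-lines event format (process create/terminate and registry-set events with ISO timestamps), that the command-line mechanism is Chrome's `--load-extension` switch (the article does not name the switch), and that the autostart lives in a `...\CurrentVersion\Run` key (the article does not name the key). All sample events, paths and names are constructed.

```python
import json
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Chrome's switch for loading an unpacked extension from a folder. The article
# only says the extension is loaded "via command line", so treating this switch
# as the indicator is an assumption of this example.
SIDELOAD_RE = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# Standard Windows autostart keys (HKCU/HKLM ...\CurrentVersion\Run[Once]);
# the article says "registry autostart mechanism" without naming the key.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.IGNORECASE)
# Folders a non-admin process can write to; autostart targets or extension
# folders living here deserve a closer look than ones under Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# "Terminate Chrome, then relaunch it with the extension" happens quickly.
RELAUNCH_WINDOW = timedelta(seconds=30)

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EXT_DIR = r"C:\Users\bob\AppData\Local\Temp\ext"   # constructed, not a real IoC

# Constructed sample telemetry (paths, value names and times are made up).
_SAMPLE = [
    {"ts": "2017-12-26T10:00:00", "event": "process_create", "image": CHROME,
     "cmdline": f'"{CHROME}"'},                                  # normal launch
    {"ts": "2017-12-26T10:01:00", "event": "registry_set",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "VendorUpdater", "data": r"C:\Program Files\Vendor\updater.exe"},
    {"ts": "2017-12-26T10:02:00", "event": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "upd", "data": r"C:\Users\bob\AppData\Local\Temp\upd.exe"},
    {"ts": "2017-12-26T10:05:00", "event": "process_terminate", "image": CHROME},
    {"ts": "2017-12-26T10:05:04", "event": "process_create", "image": CHROME,
     "cmdline": f'"{CHROME}" --load-extension="{EXT_DIR}"'},
]
SAMPLE_LINES = [json.dumps(e) for e in _SAMPLE]


def _is_chrome(image: str) -> bool:
    return PureWindowsPath(image).name.lower() == "chrome.exe"


def _user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def analyse(lines):
    """Return a list of finding dicts for a sequence of JSON-lines events."""
    findings = []
    last_chrome_exit = None
    for line in lines:
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        kind = ev["event"]
        if kind == "process_terminate" and _is_chrome(ev["image"]):
            last_chrome_exit = ts
        elif kind == "process_create" and _is_chrome(ev["image"]):
            m = SIDELOAD_RE.search(ev.get("cmdline", ""))
            if not m:
                continue                      # ordinary Chrome start, ignore
            ext_dir = m.group(1) or m.group(2)
            detail = f"chrome.exe started with --load-extension={ext_dir}"
            severity = "medium"               # developers do this legitimately
            if _user_writable(ext_dir):
                severity = "high"
            if last_chrome_exit is not None and ts - last_chrome_exit <= RELAUNCH_WINDOW:
                severity = "high"
                detail += " within 30s of a chrome.exe exit (kill-and-relaunch pattern)"
            findings.append({"rule": "chrome_extension_sideload", "severity": severity,
                             "ts": ev["ts"], "detail": detail})
        elif kind == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            if _user_writable(ev["data"]):    # autostart pointing at a drop folder
                findings.append({"rule": "registry_autostart_user_writable", "severity": "high",
                                 "ts": ev["ts"],
                                 "detail": f'{ev["key"]}\\{ev["name"]} -> {ev["data"]}'})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LINES):
        print(f"[{f['severity']}] {f['ts']} {f['rule']}: {f['detail']}")
```

On the constructed sample the benign Chrome start and the Program Files autostart produce nothing, while the Temp-folder Run entry and the Chrome relaunch with a sideloaded extension both come out as high-severity findings. The relaunch correlation is what separates this from a plain `--load-extension` alert, which fires on every extension developer's machine.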

