The spread of a piece of malware that installs itself in the Chrome browser and runs a Monero miner on victims' Windows computers is already known. This malware is distributed through social networks such as Facebook, specifically through that network's Messenger service.
Stealth mining is a recent way of generating income online that has been abused and used in a very unethical way. It came to prominence in September 2017, when it was discovered that a popular torrent site, The Pirate Bay, was using Coinhive’s Monero JavaScript miner to secretly take the CPU power of site visitors and mine the Monero cryptocurrency without their consent.
Cryptocurrency mining is traditionally done on one’s own computer. Those who abuse this method by mining without the consent of individuals install mining software on many computers without their owners knowing it, thus increasing their hash rate and using those machines (and their electricity) so that the block rewards are credited to the abuser’s account. Literally, it is like having slaves, making others work for you without compensating them.
A quote from the Malwarebytes website takes a position on this:
“We do not claim that CoinHive is malicious, or even necessarily a bad idea. The concept of allowing people to opt for an alternative to advertising, which has been plagued with everything from false news to malicious advertising, is noble. That’s another story.”
Digimine bot
In the case at hand, this bot was written in the AutoIt scripting language. It is presented as a video file, but it is actually an executable AutoIt script. To operate, it requires two conditions to hold at once: first, the victim must be using the Windows operating system, and second, the victim must be using Facebook Messenger in the Google Chrome web browser (and must have previously logged in to their Facebook account).
The bot spreads to other victims by accessing the user’s Facebook Messenger account through the Chrome browser and sending a link disguised as a video file, with the file name “video_xxxx.zip”, to that account’s Facebook friends through Messenger. If the link is clicked, the malware is downloaded to the victim’s computer and the Windows registry is altered so that the malware runs automatically. The malware then installs, via the command line, the Chrome extension that runs the Monero miner, and it spreads again by sending a new link in a message to all of the new victim’s Facebook friends. And so on, virally.
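The two persistence steps just described, an autorun registry entry and a Chrome extension installed from the command line, are what a responder would look for on a suspect machine. The following is an added example, not code from the article or from Trend Micro: it triages a list of Windows "Run" autostart values offline. The sample entries, the user name and the "video_2731" file name are constructed; the `--load-extension` switch is Chromium's real switch for side-loading an unpacked extension, but that Digimine used exactly that switch is an assumption made here for illustration.

```python
# Triage of Windows "Run" autostart entries (name, command line), the way a
# defender would review them after an infection like the one described above.
# The sample data below is constructed, not taken from a real system.

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta"}
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
# Assumption: a command-line extension install surfaces as Chrome's
# --load-extension switch (a real Chromium switch for unpacked extensions).
SIDELOAD_SWITCHES = ("--load-extension",)


def executable_of(command: str) -> str:
    """Return the program path from a Run-key command line.

    Run values are either a "quoted path" followed by arguments or a bare
    path followed by arguments; the first token is the program in both cases.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage_run_entry(command: str) -> list:
    """Return the reasons (possibly none) why one autostart command is suspicious."""
    reasons = []
    exe = executable_of(command).lower()
    base = exe.rsplit("\\", 1)[-1]
    ext = base.rsplit(".", 1)[-1] if "." in base else ""

    # A browser auto-started with a side-loaded extension is not a normal
    # user configuration and matches the "extension via command line" step.
    if base == "chrome.exe" and any(sw in command for sw in SIDELOAD_SWITCHES):
        reasons.append("Chrome autostarted with a side-loaded (unpacked) extension")

    # Legitimate autostart programs usually live under Program Files or
    # Windows; an executable launched from a user-writable path deserves a look.
    if ext in EXECUTABLE_EXTS and any(hint in exe for hint in USER_WRITABLE_HINTS):
        reasons.append("autorun entry points into a user-writable directory")
    return reasons


def triage_run_entries(entries) -> dict:
    """Map entry name -> reasons for every suspicious (name, command) pair."""
    findings = {}
    for name, command in entries:
        reasons = triage_run_entry(command)
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample of Run-key values: one benign entry and two shaped like
# the persistence described in the article.
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    ("Chrome", r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
               r'--load-extension="C:\Users\alice\AppData\Roaming\video_2731\ext"'),
    ("video_2731", r"C:\Users\alice\AppData\Roaming\video_2731.mp4.exe"),
]

if __name__ == "__main__":
    for name, reasons in triage_run_entries(SAMPLE_RUN_ENTRIES).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

On a live Windows host the same functions can be fed with the values read from the HKCU and HKLM `Run` keys; the heuristics are deliberately simple (path location and browser switches) so that a hit is a prompt to inspect the entry, not a verdict on its own.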
According to Trend Micro, which published a report about it on December 21, Digimine was first observed in South Korea but has spread rapidly to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela.
However, the spread of this malware depends fundamentally on human error born of carelessness. If you look at the content of the message carrying the video, the file in the .zip has an extension that reads “.mp4.exe”. But, as often happens, people do not always take the time to look carefully at their messages, and they click on links without checking them first.
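The “.mp4.exe” double extension is something a mail or chat gateway can check mechanically rather than leaving it to the recipient. The following is an added example, not code from the article: it opens a zip archive in memory and flags members whose last extension is executable while the one before it looks like media, and also members whose name claims media but whose content starts with the Windows PE magic bytes. The archive it scans is constructed inline with dummy contents (the “video_2731” name stands in for the article's “video_xxxx”); no real sample is involved.

```python
import io
import zipfile

# Extensions that look like media/documents versus ones Windows will execute.
MEDIA_EXTS = {"mp4", "avi", "mkv", "mov", "jpg", "png", "gif", "pdf"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def classify_member(name: str, head: bytes) -> list:
    """Return reasons why one archive member is suspicious, judging by its
    file name and the first bytes of its content."""
    reasons = []
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    ext = parts[-1] if len(parts) > 1 else ""

    if ext in EXECUTABLE_EXTS:
        # "video_xxxx.mp4.exe": Windows honours the last extension only.
        if len(parts) >= 3 and parts[-2] in MEDIA_EXTS:
            reasons.append(f"double extension .{parts[-2]}.{ext} disguises an executable as media")
        else:
            reasons.append(f"executable .{ext} inside archive")
    elif head.startswith(PE_MAGIC):
        # The name claims media but the content is a PE file; a later rename
        # by a dropper is all it takes to run it.
        reasons.append(f"PE header (MZ) behind non-executable name {base}")
    return reasons


def scan_zip(data: bytes) -> dict:
    """Scan a zip archive held in memory; map member name -> reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))  # only the magic bytes are needed
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed archive in the shape described above (dummy bytes, no real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("video_2731.mp4.exe", b"MZ" + b"\x00" * 62)  # PE stub, disguised name
        zf.writestr("thumbnail.jpg", b"MZ\x90\x00")               # PE content, media name
        zf.writestr("clip.mp4", b"\x00\x00\x00\x18ftypmp42")      # genuine MP4 header
        zf.writestr("readme.txt", b"just text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(member, "->", "; ".join(reasons))
```

Reading only the first two bytes of each member keeps the scan cheap enough to run inline on every attachment; a full-content scan by an antivirus engine is the complementary, heavier check.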
It is important to keep in mind that the best defense against the massive spread of this kind of malware is awareness. Although there are already several browser extensions that block these sneaky miners, a rational and prudent attitude will always help prevent inconvenience and damage to computers.