As Bitcoin and other cryptocurrencies have skyrocketed in value this year, the number of malware and ransomware infections related to crypto has increased too. The latest in this series of infections is called DigMine.
Malware infections can have effects ranging from hijacking your machine in order to spread the virus to disabling a device completely, as BrickerBot does, which we covered in a post earlier this year. Attackers can have motivations ranging from money, like the creator(s) of WannaCry, to forcing new standards, like the creator(s) of BrickerBot.
How does it spread?
DigMine spreads via Facebook Messenger, specifically the desktop application when operated through Google Chrome. To infect a new user, an infected machine takes over the user’s friend list and sends a contagious video link to each friend’s Messenger account. If a friend opens the video while surfing from Chrome and using Messenger, their machine will be infected as well.
According to EWeek, no other platforms seem to be vulnerable at this time. DigMine is known to be present in South Korea, Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela, as reported by Money Control.
What does it do?
DigMine hijacks machines to mine a cryptocurrency called Monero. This cryptocurrency seems to be more favorable than Bitcoin due to improved privacy standards, which allow the perpetrators to take their funds and dump them onto the market with lower odds of being caught.
One of the most prominent side effects of the malware is significantly slower computer operation. This could easily be confused with unrelated virus infections, memory leaks, rogue processes, and other factors.
Having said that, Monero is not only used by criminals, but also by cryptocurrency industry users who prefer to have a bit more financial anonymity. Monero uses “ring signatures”, which essentially means that financial transactions are mixed together all at once, making tracking down transaction routes nearly impossible by current standards.
How can I get rid of it?
Facebook has taken steps to remove the infected video links from Messenger, but for those who are already infected, this offers no comfort. Thankfully, the malware program has already been identified, and, according to Tokyo-based cybersecurity firm Trend Micro, Facebook is offering free virus scans for users who may have been infected.