Digmine only affects Facebook Messenger's desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blogpost.

A new cryptocurrency-mining bot, named "Digmine", that was first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cybersecurity major Trend Micro has warned.
After South Korea, it has since spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela. It is likely to reach other countries soon, given the way it propagates.
Facebook Messenger works across different platforms, but "Digmine" only affects Messenger's desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blog post.
"Digmine" is coded in AutoIt and is sent to would-be victims posing as a video file, though it is actually an AutoIt executable script.
If the user's Facebook account is set to log in automatically, "Digmine" will manipulate Facebook Messenger in order to send a link to the file to the account's friends.
The abuse of Facebook is limited to propagation for now, but it wouldn't be implausible for attackers to hijack the Facebook account itself down the line. This functionality's code is pushed from the command-and-control (C&C) server, which means it can be updated.
A known modus operandi of cryptocurrency-mining botnets, and particularly of "Digmine" (which mines Monero), is to stay in the victim's system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income, the blog post stated.
The malware will also perform other routines, such as installing a registry autostart mechanism as well as a system infection marker. It will search for and launch Chrome, then load a malicious browser extension that it retrieves from the C&C server.
If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded. While extensions can only be loaded and hosted from the Chrome Web Store, the attackers bypassed this by launching Chrome via command line.
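The terminate-and-relaunch behaviour described above can be hunted for in process telemetry. The following is an added example, not code from the article or from Trend Micro: it assumes the relaunch uses Chrome's `--load-extension` switch (the article does not name the switch), and the event field names, thresholds and sample events are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches --load-extension=PATH, quoted or unquoted (a real Chrome switch;
# that the malware uses this particular switch is an assumption).
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.I)
EXPECTED_PARENTS = {"explorer.exe", "chrome.exe"}  # assumption: tune per environment
RELAUNCH_WINDOW = timedelta(seconds=30)            # assumption

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_sideloads(events):
    """Return findings for chrome.exe launches that side-load an extension."""
    findings, last_kill = [], None
    for ev in sorted(events, key=lambda e: e["ts"]):
        if basename(ev["image"]) != "chrome.exe":
            continue
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "terminate":
            last_kill = ts          # remember when Chrome was last killed
            continue
        m = LOAD_EXT.search(ev.get("cmd", ""))
        if not m:
            continue
        reasons = ["extension loaded from command line"]
        if basename(ev["parent"]) not in EXPECTED_PARENTS:
            reasons.append("unexpected parent " + basename(ev["parent"]))
        if last_kill and ts - last_kill <= RELAUNCH_WINDOW:
            reasons.append("relaunch right after Chrome was terminated")
        findings.append({"ts": ev["ts"], "ext_path": m.group(1) or m.group(2),
                         "reasons": reasons})
    return findings

# Constructed sample events, not real telemetry; paths and names are placeholders.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE = [
    {"ts": "2024-01-01T10:00:00", "type": "create", "image": CHROME,
     "parent": r"C:\Windows\explorer.exe", "cmd": '"chrome.exe"'},
    {"ts": "2024-01-01T10:05:10", "type": "terminate", "image": CHROME,
     "parent": "", "cmd": ""},
    {"ts": "2024-01-01T10:05:12", "type": "create", "image": CHROME,
     "parent": r"C:\Users\user\Downloads\video_placeholder.exe",
     "cmd": r'"chrome.exe" --load-extension="C:\Users\user\AppData\Roaming\placeholder\ext"'},
]

if __name__ == "__main__":
    for f in find_sideloads(SAMPLE):
        print(f["ts"], f["ext_path"], "; ".join(f["reasons"]))
```

A launch with only the first reason is typical of extension developers; the parent and relaunch reasons together are what distinguish the pattern the article describes.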
By,
Mr. Service,
Mobile, Laptop and Desktop Repair,
Kancheepuram.