Avirus that turns victims’ computers into a cryptocurrency miner without their knowledge is spreading across Facebook Messenger, security experts have warned.
The malware, named “Digmine”, affects desktop versions of the app when running on a Google Chrome browser, according to researchers at Trend Micro.
“If the user’s Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the account’s friends,” they wrote in a blogpost.
Crypto-mining malware works by hijacking a computer’s processing power to help generate coins and confirm transactions for digital exchanges.
Effectively, it is keeping the lights on for the blockchain, the digital ledger that keeps record of cryptocurrency like Bitcoin.
Mining a Bitcoin eats up a lot of power and so it has become lucrative for criminal gangs to infect computers en masse to do the job, earning them cryptocurrency including Bitcoin in return.
With a finite supply of 21 million Bitcoins, a handful of opportunistic individuals and organisations are making use of powerful computers to hoard as much of the supply as possible.
“The increasing popularity of cryptocurrency mining is drawing attackers back to the mining botnet business,” a Trend Micro spokesman said.
“And like many cybercriminal schemes, numbers are crucial—bigger victim pools equate to potentially bigger profits. The fact that they’re piggybacking on popular platforms such as social media to spread their malware is unsurprising.”
The virus appears to have originated in South Korea and has spread across Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. Trend Micro said it expected it to spread further, “given the way it propagates”.
Facebook said: “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger.
“If we suspect your computer is infected with malware, we will provide you with a free anti-virus scan from our trusted partners.
“We share tips on how to stay secure and links to these scanners on facebook.com/help.”
Facebook users are advised to make sure they do not click on links they do not recognise. Some of the examples included the phrase “thisaworkstation.space”, “mybigthink.space” and “thisdayfunnyday.space”.