Cryptocurrency mining bot spreading via Facebook Messenger in Chrome for desktop

Facebook Messenger
TechCrunch
Security firm Trend Micro reports that a cryptocurrency mining bot is now spreading through Facebook Messenger in Google’s Chrome browser for desktop. Called Digmine, it was first spotted in South Korea, and has since spread into Azerbaijan, the Philippines, Thailand, Ukraine, Venezuela, and Vietnam. The bot will likely show up in other regions soon given how fast it’s spreading.

The report doesn’t say how Digmine began spreading through Facebook Messenger, but it appears in the chat client as a non-embedded video file. When the recipient clicks on the file, the so-called video — which is actually an executable script — downloads components from a remote server to install a Chrome extension. This extension will either continue to stream a bogus video from a “decoy” website, or log onto Facebook to spread the malicious love to friends.

Typically, Chrome extensions can only be installed through the Chrome Web Store. But the Digmine setup bypasses this requirement by installing the extension through a command-line interface. During the installation process, the script will receive its configuration through the remote server, and instructions to either load the site hosting the bogus video — which contains additional configurations — or access Facebook if users have Chrome set to automatically log onto the social network.

“A known modus operandi of cryptocurrency-mining botnets, and particularly for Digmine (which mines Monero), is to stay in the victim’s system for as long as possible,” Trend Micro states. “It also wants to infect as many machines as possible, as this translates to an increased hashrate and potentially more cybercriminal income.”

While running, Digmine will silently mine for digital currency in the background as infected users surf the internet. The mining component, listed as codec.exe on the PC, is a modified version of an open-source Monero miner called XMRig. It remains in contact with a remote server as it silently generates the Monero coins.

But Digmine could be used for more than just mining Monero. Based on its design, hackers could eventually upgrade Digmine to completely hijack Facebook accounts. Since it is basically controlled by a remote “command” server, hackers could simply update the code to seize Facebook accounts accessed by infected PCs. Trend Micro provided its findings to Facebook, which immediately removed a large portion of the fake video links.

One sign of infection stems from the installation process. If you clicked on a Messenger video within Chrome, the browser will restart as the extension installs and loads. Moreover, browser-based cryptocurrency mining consumes large amounts of processing power, so your PC may feel sluggish, with your fans spinning at an unusually loud level.

In both cases, navigate to Chrome’s Customize and control button, and select More tools > Extensions in the drop-down menu. On the resulting page, trash every enabled extension that looks suspicious. Of course, the best way to avoid infection of any kind is to not click on files and links sent through Facebook Messenger. But given that friends you trust toss links back and forth every day, avoiding malware in that manner can be difficult.

Computing

Google Chrome will get a Reader Mode for distraction-free desktop browsing

If Google's testing of Reader Mode on the Chrome Canary desktop browser is successful, soon all Chrome users will gain access to this feature. Reader Mode strips away irrelevant content on a webpage for distraction-free browsing.
Computing

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.
Computing

Federal jury convicts malware creators of hijacking 400,000 computers

Two Romanian men have been convicted by a federal jury for using malware to hijack 400,000 computers in order to steal credit card information, engage in cryptomining, and commit online auction fraud, among a number of other crimes.
Gaming

Here’s how to set up a virtual private network (VPN) on your Xbox One

Online privacy is more important now than it's ever been, and gaming is happening online more than ever before. Here's a quick guide on how to set up a VPN for your Xbox One so you game in safe anonymity.
Computing

The number pad on HP’s Chromebook 15 makes spreadsheet work a breeze

HP's Chromebook 15 comes with a 15.6-inch display, a metal keyboard deck with full-size keys, and a dedicated number pad, making it the second Chromebook model, following Acer's Chromebook 715, to be suited for spreadsheet work.
Computing

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.
Computing

AMD’s 2020 Ryzen CPUs could have a big boost in power efficiency

The sequel to AMD's Zen 2-based Ryzen 3000 CPUs is slated for a 2020 release and when it arrives, could leverage the new Zen 3 architecture to deliver impressive gains to performance and power efficiency.
Computing

Here's how you can download the best free music players for your Mac

Tired of your Mac's default music player? Take a look at our picks for the best free music players available for your Apple rig. Whether you're a casual listener or an audiophile, you're sure to find something that fits your needs here.
Computing

Want to make calls across the internet for less? Try these great VOIP services

Voice over IP services are getting more and more popular, but there are still a few that stand above the pack. In this guide, we'll give you a few options for the best VOIP services for home and business users.
Gaming

Transform into the ultimate leader with our tips and tricks for Civilization 6

Civilization VI offers both series veterans and total newcomers a lot to chew on from the get-go. Here are some essential starting tips to help you master the game's many intricacies.
Computing

The iPhone’s Screen Time and Siri Shortcuts could land on Macs this year

For its desktop computers, it appears that Apple may continue to draw from the iPhone for inspiration. iOS 12 features, like Screen Time and Siri Shortcuts, are believed to be making their way to MacOS this year at WWDC in June.
Computing

Dell slashes prices of XPS 13 and Alienware 17 laptops in latest promo

Dell's latest promotion will score you big savings on the XPS 13 or the Alienware 17. The stylish XPS 13's discount is for $430, and only the rose gold model is on sale, while gamers who choose the Alienware 17 will save $860.
Computing

Lenovo’s Yoga C930 sale drops a $650 discount on its 2TB SSD laptop

Lenovo is offering one of its 2-in-1 laptops at a $650 discount. This Lenovo Yoga C930 laptop comes with a 2TB solid-state drive, a digital pen, a fingerprint reader, and a Dolby Atmos sound bar.
Computing

You won't want to miss these deals on some of the best laptops around

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we have you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.