Tokyo-headquartered cybersecurity major Trend Micro has warned that a cryptocurrency-mining bot first observed in South Korea is spreading fast across the world and has now reached Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand and Venezuela.
"We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker it was referred to in a report of recent related incidents in South Korea," Lenart Bermejo and Hsiao-Yu Shih of Trend Micro said in a blog post.
"Digmine" affects only the desktop or web browser (Chrome) version of Facebook Messenger. The malware will not work as intended if the file is opened on other platforms.
If the user's Facebook account is set to log in automatically, "Digmine" will manipulate Facebook Messenger in order to send a link to the file to the account's friends.
The bot may also install a registry autostart mechanism as well as a system infection marker. It will search for and launch Chrome, then load a malicious browser extension that it retrieves from the command-and-control (C&C) server.