Beware of Monero Coin Mining Malware Digimine

December 28, 2017 by Cameron Bishop

Stealth mining is the practice of using idle computing power to generate online income. However, this innovation is often misused by hackers and cyber criminals. Imagine mining software installed on hundreds of thousands of computers, generating block rewards without the knowledge of the people using those systems. That is what unethical stealth mining is all about.

A cyber criminal involved in such an act has no need to invest in costly mining equipment or pay for electricity, yet can still receive block rewards in a crypto account. Such a setup was first reported in September 2017, when a popular torrent site, The Pirate Bay, was found using Coinhive’s JavaScript Monero mining software to steal the hashing power of visitors to the site and mine the Monero crypto coin without their consent. Now, a new kind of malware has been reported by Trend Micro.

According to the blog, the malware, known as Digimine, spreads through Facebook Messenger, infects the Chrome browser, auto-installs, and auto-runs a Monero miner on victims’ computers running the Windows operating system.

The malware, also known as 비트코인 채굴기 bot (Korean for “Bitcoin miner bot”), was coded in AutoIt, a freeware automation language for Microsoft Windows. The malware is posted as a downloadable video file.

The victim’s computer must run the Windows operating system, and Facebook Messenger must be open in the Chrome web browser. Only then will the malware, which spreads under the name “video_xxx.zip”, launch itself. The video file is transmitted in .zip format, and the file has “.mp4.exe” as its extension.
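The “.mp4.exe” naming described above can be checked before an archive is ever opened by a user. The following is an added example, not code from Trend Micro or from this article: it lists the members of a .zip file and flags any whose name ends in an executable extension preceded by a media or document extension. It goes slightly beyond the single case in the text by covering other decoy and executable pairs and names padded with spaces; the extension lists and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".mp4", ".avi", ".mov", ".mkv", ".jpg", ".png", ".pdf", ".doc", ".docx"}


def is_disguised_executable(name):
    """True if the file name ends in an executable extension that is
    immediately preceded by a decoy (media/document) extension."""
    # Keep only the last path component, whichever separator was used.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so drop them first.
    parts = base.rstrip(". ").lower().split(".")
    if len(parts) < 3:  # need stem + decoy extension + real extension
        return False
    # strip() defeats padding such as "clip.mp4      .exe".
    decoy = "." + parts[-2].strip()
    real = "." + parts[-1].strip()
    return real in EXECUTABLE_EXTS and decoy in DECOY_EXTS


def scan_zip(source):
    """Return the names of archive members that look like disguised
    executables. `source` is a path or a binary file-like object."""
    with zipfile.ZipFile(source) as zf:
        return [info.filename for info in zf.infolist()
                if not info.is_dir() and is_disguised_executable(info.filename)]


def build_sample_zip(names):
    """Build an in-memory archive with harmless placeholder content
    (constructed sample data, not a real specimen)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder content")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_zip([
        "video_1234.mp4.exe",     # the pattern described in the article
        "holiday.mp4",            # genuine media name
        "setup.exe",              # plain executable, not disguised
        "notes/clip.mp4   .exe",  # padded variant
    ])
    for hit in scan_zip(sample):
        print("suspicious member:", hit)
```

A check like this fits in a mail or download gateway, where flagged archives can be quarantined before they reach a user.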

Digimine was first identified in South Korea, but has quickly spread to Azerbaijan, Ukraine, Vietnam, the Philippines, Venezuela, and Thailand.

The easiest way to avoid downloading the file is to remain alert, as the malware spreads through human carelessness.