Beware of contracting a cryptocurrency-mining virus from Facebook Messenger

A lurker in your DMs.

A virus that borrows your computer’s processing power to mine cryptocurrency without your knowledge is spreading through Facebook Messenger, security experts at Trend Micro discovered last week. The virus, named Digmine, seems to have originated in South Korea and has also been reported in Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. Given the way that it propagates, it could easily reach other countries if Facebook users aren’t careful.

Digmine propagates by sending executable scripts posing as video files to your Facebook friends via Messenger.

According to Trend Micro, the Digmine malware works by sending victims an executable script posing as a downloadable video file. The file is only malicious if the victim clicks on it within Facebook Messenger on Chrome’s desktop browser. When clicked on, the script sends users to a decoy video-streaming website while it downloads the malware in the background to begin mining cryptocurrency. Like most cryptocurrency-mining viruses, Digmine mines Monero, a crypto-coin optimized for maintaining the privacy of transactions, which has a current market value of $5.7 billion.
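A defender-side check for the lure described above, as an added example that is not from Trend Micro, Facebook, or the original article: it flags a file whose name claims to be a video while its extension or leading bytes say otherwise. The file names, sample bytes, and function names are constructed for illustration; the article does not state Digmine's actual file format.

```python
import os

VIDEO_EXTS = {".mp4", ".mov", ".avi", ".mkv", ".webm", ".wmv", ".flv"}

# Leading bytes of content that should never sit behind a video name.
NON_VIDEO_MAGIC = [
    (b"MZ", "Windows executable"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP archive"),
    (b"#!", "script with a shebang line"),
]

def is_video_container(head: bytes) -> bool:
    """True if the first bytes match a common video container signature."""
    return (
        head[4:8] == b"ftyp"                                # MP4 / MOV
        or (head[:4] == b"RIFF" and head[8:12] == b"AVI ")  # AVI
        or head[:4] == b"\x1a\x45\xdf\xa3"                  # Matroska / WebM
        or head[:3] == b"FLV"                               # Flash video
        or head[:4] == b"\x30\x26\xb2\x75"                  # ASF / WMV
    )

def check_claimed_video(filename: str, head: bytes):
    """Return None if the name and content agree, else a reason string."""
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    if ext not in VIDEO_EXTS and inner_ext not in VIDEO_EXTS:
        return None  # the name does not claim to be a video
    if ext not in VIDEO_EXTS:
        return f"video-like name ends in {ext!r}"  # e.g. name.mp4.exe
    for magic, label in NON_VIDEO_MAGIC:
        if head.startswith(magic):
            return f"content is not video: {label}"
    if not is_video_container(head):
        return "content matches no known video container"
    return None

# Constructed samples: (file name -> first 16 bytes of the file).
SAMPLES = {
    "holiday.mp4": b"\x00\x00\x00\x18" + b"ftypisom" + b"\x00" * 4,
    "clip_1234.mp4.exe": b"MZ" + b"\x00" * 14,
    "party.avi": b"PK\x03\x04" + b"\x00" * 12,
    "notes.txt": b"plain text here!",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, "->", check_claimed_video(name, head) or "ok")
```

In practice the `head` argument would be the first 16 bytes read from the downloaded file before anything opens it.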

If the user’s Facebook account is set to log in automatically, Digmine also sends the malicious file to all of the account’s friends via Messenger. To the recipients, it looks like a Facebook friend has sent them a video.

Trend Micro also warns that because of the way Digmine is built—its code is pushed from a server each time a user runs the executable script—the malware can also be updated to do more harmful things as it spreads. Though it currently only uses Facebook for propagation, it appears easy enough for hackers to modify the virus to also steal an account’s personal data.

Incidents of malware that hacks computers to mine cryptocurrencies have surged six-fold this year, according to IBM Managed Security Services. Such malware is typically designed to stay in the victim’s system for as long as possible and infect as many machines as possible. “Bigger victim pools equate to potentially bigger profits,” Trend Micro wrote. “The fact that they’re piggybacking on popular platforms such as social media to spread their malware is unsurprising,” and makes it increasingly important to keep social media accounts secure.

In response to Trend Micro’s findings, Facebook promptly removed many of the Digmine-related links from its platform and said in an official statement that it has several systems in place to automatically scan for and remove harmful links and files from Facebook and Messenger. It also provides a free anti-virus scan if it suspects a user’s computer has been infected with malware.