This latest threat was discovered by researchers at Trend Micro, and makes use of Facebook Messenger. If you get a message containing an embedded video file saved as a zip (the file name usually appears as “video_xxxx.zip”), don’t click on it, even if it’s from someone you know.
This file is a modified form of a legitimate piece of software called “XMRig”, an open source project that allows users to mine the cryptocurrency called Monero.
When the user clicks on this poisoned version, it will direct them to a website controlled by the hackers, in addition to quietly installing the corrupted software in the background. Once installed, the hackers put the infected PC’s processor to work for them, creating a distributed network of hash power to solve advanced cryptographic puzzles and generate new Monero “coins” for themselves.The hackers have gone to some lengths to mask their true intentions. The site appears to be a video streaming service, and users who click on the embedded file will actually see a video playing. Of course, the website is also part of the C&C structure.
There are several intriguing things to note about this new threat:
- It only affects people who use the Google Chrome web browser
- It only affects PCs and Laptops. Smartphones are not impacted in any way
- The miner software is actually controlled via the C&C server, meaning that the hackers can upgrade their malware, adding new functionality in the blink of an eye
So far, the virus has been spreading mostly in south east Asia, but has also begun appearing in the Ukraine and Venezuela. Given the global nature of Facebook’s user base, this is wholly unsurprising, so be on the lookout for it. Don’t click embedded files in Messenger, even if you think you know the sender.