Facebook Messenger users should beware of a new cryptocurrency-mining bot named “Digmine”. According to Tokyo-headquartered cybersecurity firm Trend Micro, the bot was first observed in South Korea and is spreading rapidly through Facebook Messenger across the world.

After South Korea, it has spread to Vietnam, Azerbaijan, Ukraine, the Philippines, Thailand, and Venezuela. Given the way it propagates, it is likely to reach other countries soon.


According to a recent blog post by Trend Micro, although Facebook Messenger works on different platforms, “Digmine” only affects Messenger’s desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended.

More on Digmine:

Coded in AutoIt, “Digmine” is sent to would-be victims posing as a video file, but it is actually an AutoIt executable script.
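A defender-side check for the lure described above, as an added example that is not from Trend Micro or the original article: it compares an attachment's name with its leading bytes to catch an executable presented as a video. The file names, the sample bytes and the `AU3!EA06` marker heuristic are assumptions made for illustration.

```python
from pathlib import PurePosixPath

VIDEO_EXTS = {".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
# Marker commonly seen in compiled AutoIt v3 scripts (assumption; heuristic only).
AUTOIT_MARKER = b"AU3!EA06"


def sniff(data: bytes) -> str:
    """Classify content by its leading magic bytes, never by file name."""
    if data[:2] == b"MZ":
        return "pe"                      # Windows executable
    if data[4:8] == b"ftyp":
        return "video"                   # MP4/MOV family
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "video"
    if data[:4] == b"\x1a\x45\xdf\xa3":
        return "video"                   # Matroska/WebM (EBML header)
    return "unknown"


def assess(name: str, data: bytes) -> list:
    """Return finding codes for an attachment; an empty list means nothing flagged."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    kind = sniff(data)
    findings = []
    if kind == "pe" and any(s in VIDEO_EXTS for s in suffixes):
        findings.append("pe-behind-video-name")
    if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXTS and suffixes[-2] in VIDEO_EXTS:
        findings.append("double-extension")
    if kind == "pe" and AUTOIT_MARKER in data:
        findings.append("autoit-marker")
    return findings


# Constructed sample inputs (not real files and not indicators from the report).
SAMPLES = {
    "clip_0001.mp4.exe": b"MZ\x90\x00" + b"\x00" * 64 + AUTOIT_MARKER + b"\x00" * 16,
    "holiday.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 16,
    "clip.avi": b"MZ" + b"\x00" * 32,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, assess(name, data) or "ok")
```
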

If the user’s Facebook account is set to log in automatically, “Digmine” manipulates Facebook Messenger to send a link to the file to the account’s friends.

According to the Tokyo-based security consultancy, the abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. The code for this functionality is pushed from the command-and-control (C&C) server, which means it might also be updated.

Trend Micro also added: “The increasing popularity of cryptocurrency mining is drawing attackers back to the mining botnet business. And like many cybercriminal schemes, numbers are crucial — bigger victim pools equate to potentially bigger profits. The fact that they’re piggybacking on popular platforms such as social media to spread their malware is unsurprising.”

Finally, the cyber experts concluded that the best way to avoid these types of threats is to follow best practices for securing social media accounts: think before sharing or posting anything, be aware of suspicious and unsolicited messages, and enable the account’s privacy settings.