Bitcoin miner lurking on Facebook
Posted on 19.06.2014
Facebook users, beware: a new viral campaign aimed at saddling you with a Bitcoin mining Trojan has been spotted.

"The virus spreads through private Facebook messages, received from one of the victim’s trusted Facebook friends," explains Bitdefender's Alexandra Gheorghe. "It reads 'hahaha”' and contains an archive called 1IMAG00953.zip with what seems to be a legitimate .jpg image file."

Unfortunately, it's not. It is a Java file that is executed immediately after the user runs it, and downloads DLL files from a pre-defined Dropbox account. The files connect to a C&C server, and receive back shellcode that is injected into Windows Explorer and executed.

This allows the download of an additional DLL file that embeds a Bitcoin miner into the system and immediately puts it to work.

While a message sent along with the initial shellcode says that cyber crooks are only interested in taking advantage of the victims' computer's mining capabilities, Bitdefender researchers warn that the delivered payload can be changed every couple of hours, and the criminals could follow up with more destructive malware.

The best thing to do is, obviously, to avoid getting compromised altogether, so avoid opening this and similar messages from any source on Facebook, the Internet, or if you receive them via SMS.

So far, the Bitcoin miner has been detected infecting systems in Portugal, Belgium, India, Romania and Serbia.









Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //