Bitcoin miner lurking on Facebook
Posted on 19.06.2014
Facebook users, beware: a new viral campaign aimed at saddling you with a Bitcoin mining Trojan has been spotted.

"The virus spreads through private Facebook messages, received from one of the victim’s trusted Facebook friends," explains Bitdefender's Alexandra Gheorghe. "It reads 'hahaha' and contains an archive called 1IMAG00953.zip with what seems to be a legitimate .jpg image file."

Unfortunately, it's not. It is a Java file that, as soon as the user runs it, downloads DLL files from a predefined Dropbox account. These files connect to a C&C server and receive shellcode in return, which is injected into Windows Explorer and executed.

This allows the download of an additional DLL file that embeds a Bitcoin miner into the system and immediately puts it to work.

While a message sent along with the initial shellcode says that cyber crooks are only interested in taking advantage of the victims' computer's mining capabilities, Bitdefender researchers warn that the delivered payload can be changed every couple of hours, and the criminals could follow up with more destructive malware.

The best thing to do is, obviously, to avoid getting compromised altogether, so avoid opening this and similar messages from any source, whether they arrive on Facebook, elsewhere on the Internet, or via SMS.

So far, the Bitcoin miner has been detected infecting systems in Portugal, Belgium, India, Romania and Serbia.
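
A triage check for the delivery trick described above (an archive whose member looks like a .jpg image but is really a Java file), given here as an added example that is not from Bitdefender or the original article. It assumes the disguise lies in the member's file name; the sample archive, the member names and the size cap are constructed for the demonstration.

```python
import io
import zipfile

JPEG_MAGIC = b"\xff\xd8\xff"           # start of every JPEG file
ZIP_MAGIC = b"PK\x03\x04"              # JAR files are ZIP archives
IMAGE_EXTS = (".jpg", ".jpeg")
MAX_MEMBER_BYTES = 20 * 1024 * 1024    # assumed cap so a zip bomb is not unpacked


def is_jar(data):
    """True if data is a ZIP that carries a Java manifest or .class files."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            names = inner.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names)


def triage_archive(blob):
    """Return (member name, reason) for each member that is not what it claims."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, "oversized member, not inspected"))
                continue
            data = zf.read(info)
            if is_jar(data):
                findings.append((info.filename, "Java archive inside attachment"))
            elif info.filename.lower().endswith(IMAGE_EXTS) and not data.startswith(JPEG_MAGIC):
                findings.append((info.filename, "image extension, non-JPEG content"))
    return findings


def build_constructed_sample():
    """Constructed test input: one genuine JPEG header, one JAR named like a photo."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as j:
        j.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("holiday.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 16)
        z.writestr("photo_constructed.jpg", jar.getvalue())
    return outer.getvalue()
```

Run over attachments at a mail or file gateway, `triage_archive` returns an empty list for archives whose members match their extensions, so any finding is a reason to quarantine the file before a user opens it.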

Copyright 1998-2014 by Help Net Security.