Bitcoin miner lurking on Facebook
Posted on 19.06.2014
Facebook users, beware: a new viral campaign aimed at saddling you with a Bitcoin mining Trojan has been spotted.

"The virus spreads through private Facebook messages, received from one of the victim’s trusted Facebook friends," explains Bitdefender's Alexandra Gheorghe. "It reads 'hahaha”' and contains an archive called with what seems to be a legitimate .jpg image file."

Unfortunately, it's not. It is a Java file that is executed immediately after the user runs it, and downloads DLL files from a pre-defined Dropbox account. The files connect to a C&C server, and receive back shellcode that is injected into Windows Explorer and executed.

This allows the download of an additional DLL file that embeds a Bitcoin miner into the system and immediately puts it to work.

While a message sent along with the initial shellcode says that cyber crooks are only interested in taking advantage of the victims' computer's mining capabilities, Bitdefender researchers warn that the delivered payload can be changed every couple of hours, and the criminals could follow up with more destructive malware.

The best thing to do is, obviously, to avoid getting compromised altogether, so avoid opening this and similar messages from any source on Facebook, the Internet, or if you receive them via SMS.

So far, the Bitcoin miner has been detected infecting systems in Portugal, Belgium, India, Romania and Serbia.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th