QUOTE OF THE DAY:
“Technology is like a fish. The longer it stays on the shelf, the less desirable it becomes.” ~ Andrew Heller
BEWARE YOUR FACEBOOK MESSENGER APP MAY BE INFECTED
A cryptocurrency-mining malware is spreading via world’s popular social media IM app, Facebook Messenger.
HOW AND WHEN WAS IT DISCOVERED?
According to Trend Micro, a cybersecurity firm of Tokyo discovered a cryptocurrency mining bot in Facebook Messenger. The malware is called Digmine and first appeared in South Korea, then spread to Vietnam, Ukraine, Azerbaijan, Vietnam, Philippines, Venezuela, and Thailand. It is said to be spreading quickly to other countries as well.
HOW IS IT POSSIBLE?
If you have set your Facebook Messenger’s account to automatic login, then Digmine will send a shroud video link, mostly titled as “video_xxxx.zip,” to all your friends via direct message. If the recipient opens the file, it will execute the malware. As soon as the bot is stationed, an auto-start mechanism will open Chrome and run a malicious browser extension. Here is the catch, the browser extensions can only be downloaded from Chrome store but as Digmine is present on the device, it gives hackers potential to skip the step with a command line.
As the process is initiated and hackers have bypassed the restriction, a mining module, XMRig is downloaded onto the victim’s web browser. XMRig uses computer resources to mine Monero, a cryptocurrency. To complete the cycle, Chrome extension sends fake video links to more Facebook users. The mining bot’s goal is to stay hidden and hog precious CPU resources. Moreover, it also gives hackers the strength to take over Facebook accounts of users.
Trend Micro wrote,“The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line.”
The limitation to the bot is that it works only on the desktop version of FB Messenger and Chrome.
WHAT FACEBOOK HAS TO SAY?
When Facebook came to know about the Trend Micro’s research about Digmine, it has reportedly taken down many Digmine-related links.
Facebook said in a statement. “We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook and in Messenger. If we suspect your computer is infected with malware, we will provide you with a free antivirus scan from our trusted partners. We share tips on how to stay secure and links to these scanners … on facebook.com/help.”
Well, this seems to be a bit relief as Facebook is working against it. However, this might not be over yet. Hackers might tweak the links and start the reign of terror all over again. It is recommended to avoid suspicious links and tighten your security with Account’s privacy settings.
TAKE A LOOK AT HAVEN
Edward Snowden has an app, Haven, if you want to keep snoopy people away.
WHAT IS HAVEN?
Edward Snowden has developed an app, Haven, which prevents people from intruding your privacy. It is is an open-source project that Snowden developed with Freedom of the Press Foundation and Guardian Project. You will get instructions to download and install the app on Guardian Project Github page.
Haven is not a regular security app, there is much more to it. It turns your Android device into a multi-functional security gadget, using an array of inbuilt sensors.
These sensors include your Android smartphone or tablets accelerometer, camera, light sensor, microphone and ability to detect when your charger is plugged in or removed.
HOW DOES IT WORK?
Haven tracks each one of the measurable changes and records all the activities in an event log. You can access the event log through Tor Onion Service, which enables users to communicate anonymously over computer networks. The app can send out notification via Signal, a secure messaging app. It not only secures your device but also keeps an eye on other devices around it. Leave it lying on the top of a laptop, it will monitor what’s happening by using the app-bearing device’s various sensors.
For now, the app is only available for Android. Though, there is a hope that the app will be available for iOS as well.