Bitcoin miner lurking on Facebook
Posted on 19.06.2014
Facebook users, beware: a new viral campaign aimed at saddling you with a Bitcoin mining Trojan has been spotted.

"The virus spreads through private Facebook messages, received from one of the victimís trusted Facebook friends," explains Bitdefender's Alexandra Gheorghe. "It reads 'hahahaĒ' and contains an archive called with what seems to be a legitimate .jpg image file."

Unfortunately, it's not. It is a Java file that is executed immediately after the user runs it, and downloads DLL files from a pre-defined Dropbox account. The files connect to a C&C server, and receive back shellcode that is injected into Windows Explorer and executed.

This allows the download of an additional DLL file that embeds a Bitcoin miner into the system and immediately puts it to work.

While a message sent along with the initial shellcode says that cyber crooks are only interested in taking advantage of the victims' computer's mining capabilities, Bitdefender researchers warn that the delivered payload can be changed every couple of hours, and the criminals could follow up with more destructive malware.

The best thing to do is, obviously, to avoid getting compromised altogether, so avoid opening this and similar messages from any source on Facebook, the Internet, or if you receive them via SMS.

So far, the Bitcoin miner has been detected infecting systems in Portugal, Belgium, India, Romania and Serbia.


Critical flaw in WiFi routers puts hotels and millions of guests at risk

A critical vulnerability in ANTlabs InnGate devices, a popular Internet gateway for visitor-based networks and commonly installed in hotels and convention centers, has been discovered. The flaw could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Mar 30th