It’s Not Funny: Facebook Users Tricked into Bitcoin Mining

It’s Not Funny: Facebook Users Tricked into Bitcoin Mining

It’s Not Funny: Facebook Users Tricked into Bitcoin MiningHundreds of Facebook users got infected with a new Trojan secretly using their systems to mine for Bitcoins, the virtual currency that spread a global money-making fever, Bitdefender warns. Since spotted last week, the malware has seen infections in countries such as Portugal, Belgium, India, Romania and Serbia.

The virus spreads through private Facebook messages, received from one of the victim’s trusted Facebook friends. It reads “hahaha” and contains an archive called IMAG00953.zip with what seems to be a legitimate .jpg image file. It is actually a malicious Java jar file, which is executed on the machine when the user opens it.

The file contains Java code which downloads DLL files from a pre-defined Dropbox account. Once the DLLs are downloaded, they connect to a command and control server that sends back a message, as well as a base64-encoded payload (shellcode). The message reads:

“Hello people.. :) <!– Designed by the SkyNet Team –> but am not the f*****g zeus bot/skynet bot or whatever piece of s**t.. no fraud here.. only a bit of mining. Stop breaking my b***z..

The text in no way enhances how the malware works – it’s just a funny disclaimer for any analyst listening to the client-server conversation. The received shellcode, however, is injected into Windows Explorer and executed. It triggers the download of a secondary DLL from a hardcoded location. This DLL embeds, among others, the Bitcoin miner that will start the mining process meant to produce money for the cyber-crooks.

Bitcoin mining is a small fraction of the entire affair. Cyber-criminals can modify the shellcode once every couple of hours. They can push other types of malware without the victim’s knowledge or intervention, depending on what they have in mind with their PCs.

Bitdefender blocks the malware so it can’t misuse the victim’s system resources and spam other Facebook users.

This article is based on the technical information provided courtesy of Victor Luncasu, Bitdefender Malware Researcher.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.


Click here to post a comment
  • Good day! I could have sworn I’ve been to this website before
    but after looking at many of the posts I realized it’s new to me.
    Anyhow, I’m certainly delighted I found it and I’ll be bookmarking it and
    checking back often!