A new viral campaign that infects computers and uses them as Bitcoin mining bots has been spotted recently on Facebook.
The virus is spread through Facebook private messages, generally received from one of the victim’s trusted friends. The victim receives a message that reads “hahaha”, along with an attached archive file called 1IMAG00953.zip. Once opened, the archive appears to contain a legitimate .jpg image file; however, further investigation has shown that the file is actually a Java application that is executed as soon as the user clicks it.
The application downloads DLL files from a Dropbox account, connects to its command-and-control servers, and then downloads shellcode that is injected into Windows Explorer. This allows the attacker to gain control of the computer and load additional files that embed a Bitcoin miner onto the system, immediately putting the victim’s CPU to work making money for the attacker.
To avoid being compromised, do not open unknown links, files or messages from any source on Facebook, the Internet, or your mobile phone.
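A defender-side check for the disguise described above, as an added example that is not part of the original article: it inspects a ZIP attachment and flags entries named as JPEG images whose content is not a JPEG or is a Java archive. The entry names and the sample archive are constructed, and recognising a JAR by its META-INF/MANIFEST.MF entry is an assumption about how such a file is packaged.

```python
import io
import zipfile

JPEG_MAGIC = b"\xff\xd8\xff"      # first bytes of every JPEG file
ZIP_MAGIC = b"PK\x03\x04"         # ZIP local file header; .jar files are ZIPs
IMAGE_EXTS = (".jpg", ".jpeg")


def is_jar(data: bytes) -> bool:
    """True if data is a ZIP container carrying a Java manifest."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            return "META-INF/MANIFEST.MF" in inner.namelist()
    except zipfile.BadZipFile:
        return False


def inspect_attachment(archive_bytes: bytes) -> dict:
    """Map each file entry in a ZIP attachment to a list of findings."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            data = zf.read(info)
            notes = []
            if is_jar(data):
                notes.append("content is a Java archive")
            if info.filename.lower().endswith(IMAGE_EXTS) and not data.startswith(JPEG_MAGIC):
                notes.append("named as JPEG but lacks JPEG header")
            findings[info.filename] = notes
    return findings


def build_sample() -> bytes:
    """Constructed sample: one entry with a JPEG header, one disguised JAR."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as j:
        j.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("holiday.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 16)
        z.writestr("IMG_0001.jpg", jar.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for entry, notes in inspect_attachment(build_sample()).items():
        print(entry, "->", notes or "ok")
```

An empty findings list means the entry's content matched its claimed type; any note is a reason to quarantine the attachment rather than open it.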
This article is offered under a Creative Commons license. It’s okay to republish it anywhere as long as the attribution bio is included and all links remain intact.