The victim received a file called "video_xxxx.zip" from a Facebook Messenger contact. Opening it launches Chrome and loads malicious browser extensions. Users can normally download extensions only from the Chrome Web Store, but the hackers bypass this limit by launching Chrome through the command line.
Once the malware infects the system, a modified version of XMRig (a Monero mining tool) is installed. It uses the victim's CPU to mine the cryptocurrency in the background and sends all the profits back to the hacker.
In addition, the Chrome extension is also used to increase Digmine's infection rate. If the victim has set their Facebook account to log in automatically, Digmine sends a fake link to all of their friends via Messenger. The malware can also be used to take over Facebook accounts altogether.
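For defenders, the command-line extension loading described above is visible in process-creation telemetry. The following is an added example, not code from the original article or from Trend Micro: it assumes the mechanism is Chrome's `--load-extension` switch (which the article does not name), and the event records, host names and paths are constructed.

```python
import re
from pathlib import PureWindowsPath

BROWSERS = {"chrome.exe", "chromium.exe"}
# Assumption: the command-line bypass is Chrome's --load-extension switch.
SWITCH = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.I)
# Heuristic: extension folders in user-writable locations deserve priority.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

# Constructed process-creation events (the shape of Sysmon Event ID 1 / EDR data).
EVENTS = [
    {"host": "ws-01", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"host": "ws-02", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Users\alice\AppData\Roaming\Example App\updater.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r'--load-extension="C:\Users\alice\AppData\Roaming\Example App\ext" --no-first-run'},
    {"host": "dev-07", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "cmdline": r'chrome.exe --load-extension=D:\src\my-extension'},
]

def find_sideloaded_extensions(events):
    """Return one finding per extension path passed to a browser on its command line."""
    findings = []
    for ev in events:
        if PureWindowsPath(ev["image"]).name.lower() not in BROWSERS:
            continue  # only browser launches are relevant here
        for match in SWITCH.finditer(ev["cmdline"]):
            raw = match.group(1) or match.group(2)
            # The switch accepts a comma-separated list of directories.
            for path in filter(None, (p.strip() for p in raw.split(","))):
                risky = any(marker in path.lower() for marker in USER_WRITABLE)
                findings.append({
                    "host": ev["host"],
                    "path": path,
                    "parent": PureWindowsPath(ev["parent"]).name,
                    "severity": "high" if risky else "review",
                })
    return findings

if __name__ == "__main__":
    for f in find_sideloaded_extensions(EVENTS):
        print(f"[{f['severity']}] {f['host']}: {f['path']} (parent: {f['parent']})")
```

Extension developers legitimately use the same switch, which is why the second finding is graded "review" rather than "high".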
But the good news is that Digmine can only run through the desktop version of Messenger in Chrome. Currently, opening the malicious file via the Facebook / Messenger application or a mobile web page will not do the same thing. After Trend Micro disclosed its findings, Facebook said it had taken down any links to Digmine. The company said in a statement: "We maintain many automated systems to help prevent harmful links and files from appearing on Facebook and Messenger." As usual, the best way to avoid malware is to avoid opening suspicious links.