Facebook users vulnerable to Bitcoin-mining Trojans

Users of social networking site Facebook were warned Thursday against a new Trojan that threatens to drain their computers' power to mine for the virtual currency Bitcoins.

 

Security vendor Bitdefender said the virus spreads through private Facebook messages, supposedly from the victim’s trusted Facebook friends.

 

"It reads 'hahaha' and contains an archive called IMAG00953.zip with what seems to be a legitimate .jpg image file. It is actually a malicious Java jar file, which is executed on the machine when the user opens it," Bitdefender's Alexandra Gheorghe said in a blog post.

 

The file contains Java code and downloads DLL files from a Dropbox account, then connect to a command-and-control server.

 

Gheorghe the Trojan, first spotted in the third week of June, has been sighted in Portugal, Belgium, India, Romania and Serbia.

 

She said the malware downloads a secondary DLL from a hardcoded location, and embeds a Bitcoin miner that will start the mining process.

 

"Bitcoin mining is a small fraction of the entire affair. Cyber-criminals can modify the shellcode once every couple of hours. They can push other types of malware without the victim’s knowledge or intervention, depending on what they have in mind with their PCs," she said. — Joel Locsin/TJD, GMA News