Listen Up "Coinminer" bitcoin-mining malware on Facebook Messenger!

jeallen01

Specialist Contributor
Joined
Oct 12, 2003
Messages
6,674
Reaction score
2,630
Points
113
My Satellite Setup
See Signature
My Location
Somewhere in England (possibly?)!
Just become aware that Facebook Messenger can be carrying the "Coinminer" malware which is a bitcoin-harvesting malware download (and includes “Eldorado” in the filenames). The attached article here

The filename version mentioned in the article is not quite the same as the one which is continually being picked up by System Mechanic’s “System Shield” malware scanner on SWMBO’s W10 Home m/c, and then blocks and reports it like this:
[Attached screenshot: 1540925921126.png]

However, the article is a year old and “things evolve”

This only “showed up” after I enabled System Shield, and was/is not caught by Norton Security Premium or the free version of MalwareBytes !

BTW, at the end of the article, there are some illustrations of how the malware appears in the Processes list as “worker.exe” – and grabs 100% of CPU time!! Luckily it’s not there on her m/c.

PS: Not on any other m/c here as I rarely use Facebook and have never used Messenger!
 

Lazarus

Retired Moderator
Joined
May 29, 2009
Messages
27,078
Reaction score
8,664
Points
113
My Satellite Setup
80cm Motorised.
Several small Dishes.
Much else.
My Location
North York Moors
This is still a downside of Windows ..... much as I like my Win 10 Tablet, it does require intervention with various tools to keep it clean. Fortunately (so far, at least) my Mint and Lubuntu equipped devices just "work".
 

Topper

Amo Amas Amant Admin
Staff member
Joined
Nov 18, 2004
Messages
23,991
Reaction score
4,014
Points
113
Age
69
My Satellite Setup
Has gone to a good home elsewhere
My Location
Blackburn, Lancashire
Yes, there are lots of nasties out there. I am just recovering from my phone and laptop being attacked by something. I have had to reset both; however, despite having backups, the issue is determining if restoring data is going to reinfect.
 

rolfw

Believe it when I see it Admin.
Staff member
Joined
May 1, 1999
Messages
38,292
Reaction score
1,615
Points
113
My Satellite Setup
Technomate 5402 HD M2 Ci, DM7000s, Transparent 80cm Dish, Moteck SG2100 DiseqC motor, lots of legacy gear. Meters: Satlook Digital NIT, Promax HD Ranger+ spectrum analyser.
My Location
Berkshire
Don't think there's anything in Facebook Messenger, but people do share links via messenger which host malware.
 

Smormad

New Member
Joined
Jul 17, 2020
Messages
8
Reaction score
5
Points
3
Age
27
My Satellite Setup
180E Intelsat 18
My Location
USA
You can get those a lot online now because everything is filled with viruses.
 

Terryl

Specialist Contributor
Joined
Apr 14, 2011
Messages
3,246
Reaction score
1,932
Points
113
Age
82
My Satellite Setup
OpenBox X5 on a 1 meter motorized dish.
And now a 10 foot "C" band dish.

Custom built PC
My Location
Deep in the Boonies in the central Sierra Nevada mountains of California.
This is another reason I don't use Farcebook....
 

jeallen01

> This is another reason I don't use Farcebook....
Unfortunately, I "need" to use F/B for a very few things (local U3A Computer Club, and a couple of relatives who just "don't know any better") - but I limit that to the absolute minimum - even my profile has the absolute minimum of info, and some of that is deliberately "incorrect" and thus resulting in me getting birthday "congratulations" on totally the wrong date:-rofl2
 

Analoguesat

Administrator
Staff member
Joined
Jul 26, 2003
Messages
50,739
Reaction score
11,220
Points
113
Location
Scottish Borders
My Satellite Setup
TM 5402HD
Sky+ UK.
My Location
Scottish Borders
> Unfortunately, I "need" to use F/B for a very few things (local U3A Computer Club, and a couple of relatives who just "don't know any better") - but I limit that to the absolute minimum - even my profile has the absolute minimum of info, and some of that is deliberately "incorrect" and thus resulting in me getting birthday "congratulations" on totally the wrong date:-rofl2

Anyone who uses fb should have facebook purity installed on their browser, and set it aggressive.
 

Lazarus

Absolutely - it makes a world of difference.
 

Topper

> This is another reason I don't use Farcebook....
With all due respect, there are many websites whose primary landing pages contain sniffers and injectors of malware; my ISP landing page had one for a few hours last week. It has nothing at all to do with Facebook, which provides a valid service to millions of people who live in different places in the world in differing time zones. Whilst I accept that it may not be for everyone, that is not really a valid reason to 'diss' it for everyone else, and I agree FB purity is the best way to go with FB.
 

Smormad

There is a way to keep yourself protected online. What works for me is Auslogics. I learned about it when I looked online for a malware solution. It is really easy to use and install. You go to https://thinkmobiles.com/blog/best-registry-cleaner-tools and download it first. After that you install it and run it to scan your PC for the bad stuff. After scanning it will delete everything that is not needed. It is really cheap and much better than a free version of antivirus which is almost useless. You can never fully protect, but you can stop it a little bit.
 

Topper

> There is a way to keep yourself protected online. What works for me is Auslogics. I learned about it when I looked online for a malware solution. It is really easy to use and install. You go to https://thinkmobiles.com/blog/best-registry-cleaner-tools and download it first. After that you install it and run it to scan your PC for the bad stuff. After scanning it will delete everything that is not needed. It is really cheap and much better than a free version of antivirus which is almost useless. You can never fully protect, but you can stop it a little bit.
Sounds like you are on commission to me, but I'll let it go for this one. Any further free advertising will be dealt with as per the rules, which of course you diligently read when you signed up.
 