- Apr 25, 2013
Hundreds of Facebook users from Portugal, Belgium, India, Romania, Serbia and other countries got infected with a new Bitcoin mining Trojan.
Social media represents a privileged target for cybercrime. The latest threat menacing Facebook users is a new malicious campaign which spreads a Trojan with mining capabilities.
In reality the attackers exploit a Java file, masquerading as a legitimate .jpg image, to download DLL files from a pre-defined Dropbox account. The files contact the Command and Control server to receive back shellcode that is injected into Windows Explorer and executed. The shellcode is a base64-encoded payload; the message reads:
“Hello people..
<!– Designed by the SkyNet Team –> but am not the f*****g zeus bot/skynet bot or whatever piece of s**t.. no fraud here.. only a bit of mining. Stop breaking my b***z..
The shellcode triggers the download of a secondary DLL from a hardcoded location. This DLL embeds a Bitcoin miner that starts the mining process immediately.
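A defensive check for the disguise described above, as an added example that is not from the original article: it flags files named .jpg whose content is really a JAR archive or a compiled Java class. The file names and sample bytes are constructed for illustration.

```python
import io
import zipfile

JPEG_SOI = b"\xff\xd8\xff"          # start-of-image marker of every JPEG
ZIP_MAGIC = b"PK\x03\x04"           # JAR files are ZIP archives
CLASS_MAGIC = b"\xca\xfe\xba\xbe"   # compiled Java class (also Mach-O fat binaries)
IMAGE_EXTS = (".jpg", ".jpeg")

def classify(data: bytes) -> str:
    """Identify the real file type from content, ignoring the file name."""
    if data.startswith(JPEG_SOI):
        return "jpeg"
    if data.startswith(CLASS_MAGIC):
        return "java-class"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "unknown"
        # A manifest or any .class entry marks the archive as a JAR.
        if any(n == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names):
            return "jar"
        return "zip"
    return "unknown"

def is_masquerading_java(name: str, data: bytes) -> bool:
    """True when an image extension hides Java content."""
    return name.lower().endswith(IMAGE_EXTS) and classify(data) in ("jar", "java-class")

def _make_jar() -> bytes:
    """Build a tiny constructed JAR in memory (no real code inside)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Main.class", CLASS_MAGIC + b"\x00\x00\x00\x34")
    return buf.getvalue()

# Constructed samples: a real JPEG header, two disguised files, one honest JAR.
SAMPLES = {
    "holiday.jpg": JPEG_SOI + b"\xe0\x00\x10JFIF\x00",
    "photo.jpg": _make_jar(),
    "pic.JPEG": CLASS_MAGIC + b"\x00\x00\x00\x34",
    "tool.jar": _make_jar(),
}

def scan(samples: dict) -> list:
    return sorted(n for n, d in samples.items() if is_masquerading_java(n, d))

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print("suspicious:", name, "->", classify(SAMPLES[name]))
```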