Digmine Facebook Messenger Miner Malware – How to Remove It

Digmine Facebook Messenger Miner Malware – How to Remove It

This article has been created to explain what exactly is the Digmine malware threat and how to remove it from your computer permanently.

Malware has evolved dramatically especially with the latest cryptocurrency trend and new type of viruses that are physically devastating for computers have appeared in the wild. The viruses aim to use the resources of your computer in order to mine for anonymous cryptocurrencies which are untraceable. One such virus is Digimine which is so evolved that it uses Facebook Messenger to infect victims. The virus can not only attack computers but also smartphones which points out to how dangerous it can be if widespread. The Digmine malware has also been reported by Trend Micro(http://blog.trendmicro.com/trendlabs-security-intelligence/digmine-cryptocurrency-miner-spreading-via-facebook-messenger/) researchers to be initially spread in South Korea, according to latest incident reports. The virus is also spread in other regions such as Vietnam, Ukraine and Philippines as well as Thailand and Venezuela. If you believe that your device has been infected by the Digmine malware, recommendations are to focus on removing it immediately using the information provided in this article.

Threat Summary

NameDigmine Malware
TypeCryptoCurrency miner malware.
Short DescriptionEnters your computer via Facebook Messages on Google Chrome but may also enter via suspicious apps on mobile devices.
SymptomsYour computer or mobile device is heavily obstructed in terms of performance and can slow down or even break down.
Distribution MethodVia Google Chrome extensions and malicious mobile applications.
Detection Tool See If Your System Has Been Affected by Digmine Malware


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Digmine Malware.

How Does Digmine Spread

In order to be spread, the Digmine malware uses a chain of activities that aim to infect your computer primarily via Google Chrome since the attack begins on Facebook Messenger if you use it on your web browser.

The main attack starting the digimne infection is a fake video sent ove in a .zip file via a user with whom you have recently become friends over on Facebook. The user may not write anything to you except send a suspicious file to your computer, like a file, named “video_4213.zip”, for example. In it there is fake .mp4 file which is actually an executable and after you open it, the infection process is initiated by Digmine. Since Digmine is in fact a downloader type of malware, it first connects to a command and control server and then drops it’s malicious files in the following Windows directory:

→ %AppData%\Your Username

Digmine Malware – Malicious Activity

Since Digimne is a downloader type of infection, the malware’s chain of activities is to firstly connect to a C&C server. From there, Digimne may drop the following files In the %AppData% directory of Windows:

  • Background.js
  • Codec.exe
  • Config.json
  • Jquery.min.js
  • Manifest.json
  • Miner.exe
  • Updater.exe

After dropping the malicious files, the virus modifies your Windows so that it may begin to automatically run the mining operation without your consent. When the mining operation has been initiated, the Digmine malware may launch Google Chrome along with a malicious extension on it that contains JavaScript code. This JavaScript aims to conduct cryptocurrency mining operation which allows for the virus to connect to a mining pool and mine the cryptocurrency Monero. This results in your computer to begin to immediately slow down. And this is not the only danger, since Digmine may perform other malicious activities as well.

The main malicious activity besides mining for Monero by using your CPU and GPU resources is to also spread furhter onto other computer by send the same fake video file via your Messenger, if installed on your PC. So if you see weird websites like the following fake video website, called “Alien Woman on Mars”, there is a good chance that you have the Digmine infection on your computer:

In addition to this, if you see that you have sent messages to your friends of a video via Facebook Messenger, it is recommended to immediately warn them not to open the .ZIP file, since this is the main method of propagation of this malware and could help preventing it to spread further.

Remove Digmine Malware Fully from Your Computer

In order to remove this malware from your PC, it is strongly advisable to focus on following the removal instructions down below. They are divided in mobile and PC removal instructions and can help you remove this malware either manually or automatically. For maximum effectiveness it is recommended to use the automatic approach and download advanced anti-malware protection in order to scan for and fully erase all malicious objects of Digmine malware from your computer or smartphone.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share