How Cryptojacking Spread to Facebook, and How To Beat It

If you’re a regular reader, you may remember a few weeks ago when we covered what “cryptojacking” is.¬†Cryptojacking is when someone forces a victim’s computer’s resources to mine cryptocurrency for them. While cryptojacking doesn’t aim to destroy the victim’s computer or files, the added strain of the mining can slow down the computer or cause it to crash.

At the time, we noted that cryptojacking works mostly via websites or hackers taking over servers. A new development within crytojacking, however, shows that this new method of attack is not just a passing fad.

How Cryptojacking Invaded Facebook

This is the case of Digmine, a new attack vector that uses a combination of Facebook Messenger and Chrome to infect users. The method of attack is pretty simple: An infected Facebook account sends what appears to be a link to a video via Facebook Messenger. When the user clicks on it, Digmine will infect the user’s account and browser if they’re running Chrome. Digmine will then begin mining cryptocurrency on the victim’s computer to earn the hacker money. The newly-infected account then sends the malware link to all of the friends on that account, thus propagating the attack.


These kinds of attacks are nothing new; the computer world has seen these infected account messages for a long time. What makes this particular attack interesting, however, is what the hackers are trying to spread. By infecting Facebook accounts en-masse, the hackers aren’t trying to steal information or cause chaos. They are, essentially, casting a net to harvest cryptocurrencies from unsuspecting victims.

Avoiding the Attack

Of course, given how the attack vector has been around for a long time, avoiding the attack is very simple. Never download a suspicious-looking file sent to you over social media, no matter who the person is. If a good friend sends you a strange-looking file and you want to confirm it’s legitimate, try contacting them – preferably not on the same account that’s been hacked. If they don’t know anything about a file transfer, don’t click on it!

Why the Rise in Cryptocurrency Attacks?


As we can see, Digmine is a new form of cryptojacking that’s designed to spread into the world of social media. Reports of Digmine began to appear only a month after cryptojacking as a whole hit the news headlines. So what’s going on? Why are hackers focusing so much on cryptojacking right now?

As malware goes, cryptojacking is a great way for a cybercriminal to gain revenue. Malware that destroys hardware might be enjoyable for hackers to spread, but it doesn’t really achieve anything past some grievance of the user.

It’s totally possible to make a career out of being a cybercriminal, and some hackers are moving to methods that make them money. Ransomware is a great way to rake in some income, but it’s also a very obvious means of extracting money and causes the victim to become defensive. The subtle nature of cryptojacking means cybercriminals can make passive income from victims who don’t even know they’re being attacked!

Graph credit:

We’ve also seen a dramatic increase in the value of cryptocurrencies throughout this year. While it’s true that Bitcoin has seen a healthy jump in recent months, Digmine mines for a different cryptocurrency called Monero. So, how is Monero doing?

At the time of writing, Monero has seen a three-month jump from $95 to $385 (per 1 Monero). With Monero on the rise, people are keen to jump in as early as possible to ensure the best investment. Obviously, the best way to do this is to acquire as many miners as possible; hence, the spike in hackers trying to convert other computers into their own mining rigs.

Digging into Digmine

With cryptocurrencies on the rise, more and more cybercriminals are moving into cryptojacking to make money. Digmine is an example of a new frontier for cryptojacking, and if this trend continues, the future may be dotted with attacks that want to convert your processing power into money.

Do you think cryptocurrency-related attacks will increase in the future? Or is this all simply a flash in the pan? Let us know below!

Simon Batt Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.


  1. The common wisdom is, rightly or wrongly, because Windows is the most used PC O/S, it is the most exploited one. The same applies to Facebook. With more users than all the other social networks combined, it offers many more opportunities for exploitation. It is only a matter of time before scams are ported to FB.

    There is a simple solution to prevent cryptojacking and other exploits, Close out your FB account and quit using Chrome. Unfortunately, very few people will use this solution. They are too addicted to FB and Google products.

  2. I have to agree with Dragonmouth. Stop using “Fakebook” and Chrome. Make sure your AV is up to date and be very wary of opening anything that is not from a reputable source. Trust but verify. A simple call or text to the friend can confirm as to whether or not they sent you something of importance.

Comments are closed.