
NigelThorn - new mining malware with same old methods

16 May 2018 21:00, UTC

Data security experts report a new virus that hijacks the resources of victims’ computers to mine digital currency and uses Facebook Messenger to spread. It also pretends to be an add-on for Chrome.

A virus that uses Facebook Messenger, poses as a Chrome browser extension and remotely mines cryptocurrency for hackers… Bitnewstoday’s regular readers might be experiencing déjà vu, given how closely these functions match those of the FaceX Worm. Both viruses also scan the browser for cryptocurrency exchange-related activity in order to intercept accounts.

Still, there are some differences between the two: reports about FaceX mention the Digmine mechanism, while NigelThorn uses CryptoNight. This makes the lists of mined cryptocurrencies different: FaceX mines only Monero, while NigelThorn can additionally mine Bytecoin and Electroneum using victims’ resources. The experts have posted the list of known extensions and their IDs on their blog, but they note that most of them, if not all, have already been deleted.

A notable limitation of the virus is that it works exclusively on Google Chrome and is not compatible with other browsers. Note that hackers might create variants for other browsers in the future. The FaceX Worm red flag, spontaneous closure of the Extensions tab, is present in this case too.
