Whether or not you're affected, follow this guide now: it helps block the malware on Facebook that mines virtual currency. This is the latest type of malware on Facebook, and it spreads specifically through Facebook Messenger messages.
Over the past few days, you've probably seen Facebook users receiving messages containing a compressed file, mainly sent by their friends. This is the latest cryptocurrency mining malware appearing on Facebook. This type of malware won't force you to recover your Facebook password; instead, it exploits your computer to mine virtual currency, which is currently a hot trend, and it even spreads to your friends.
Guide to Block Cryptocurrency Mining Malware on Facebook
First, Mytour will show you how to block the cryptocurrency mining malware on Facebook on your computer, because this type of malware primarily targets computers. After completing the blocking steps, readers can learn more about how this malware works in the section below.
1. Block Cryptocurrency Mining Malware on Facebook
Step 1: It's straightforward to block cryptocurrency mining malware on Facebook. Firstly, press the Windows + E key combination to open Windows Explorer on your computer.
Step 2: Here, input the address C:\Windows\System32\drivers\etc and you'll find a file named Hosts.
Step 3: Next, right-click on the file and choose Open with.
And then select open with Notepad.
Step 4: In Notepad, you only need to enter the following 2 lines of addresses:
127.0.0.1 ojoku.bigih.bid
127.0.0.1 plugin.ojoku.bigih.bid
Step 5: Afterward, select File > Save As to save this file.
Note: When saving, make sure to select All Files, then click on the hosts file again and only then click Save.
This is a temporary solution to help you block cryptocurrency mining malware on Facebook. Besides this method, the best way to protect your account is to avoid clicking on unfamiliar links from friends or anyone you don't trust, websites you've never heard of, or suspicious sources.
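Steps 1 to 5 above can also be done and checked from a script. The following PowerShell is an added example, not part of the original guide: it assumes it is saved as a .ps1 file and run from an elevated (Administrator) PowerShell session, adds only the entries that are missing, keeps a backup (the .bak name is this example's choice), warns about a stray hosts.txt left by Notepad, and confirms that both names resolve to loopback.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide): apply Step 4 idempotently and verify it.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$domains   = @('ojoku.bigih.bid', 'plugin.ojoku.bigih.bid')   # the two names from Step 4

# Hostnames that the given hosts-file lines already point at a loopback address.
function Get-LoopbackHosts {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $entry = ($line -split '#', 2)[0].Trim()              # strip comments
        if (-not $entry) { continue }
        $fields = @($entry -split '\s+')
        if ($fields.Count -ge 2 -and $fields[0] -in @('127.0.0.1', '::1')) {
            $fields | Select-Object -Skip 1 | ForEach-Object { $_.ToLowerInvariant() }
        }
    }
}

$present = @(Get-LoopbackHosts -Lines (Get-Content -LiteralPath $hostsPath))
$missing = @($domains | Where-Object { $_ -notin $present })

if ($missing.Count -gt 0) {
    Copy-Item -LiteralPath $hostsPath -Destination "$hostsPath.bak" -Force   # keep a backup
    $raw = Get-Content -LiteralPath $hostsPath -Raw
    $new = @($missing | ForEach-Object { "127.0.0.1 $_" })
    # If the last line has no newline, add an empty value first so entries do not fuse with it.
    if ($raw -and -not $raw.EndsWith("`n")) { $new = @('') + $new }
    Add-Content -LiteralPath $hostsPath -Value $new -Encoding ASCII
}

# The Step 5 note exists because Notepad may save "hosts.txt", which Windows ignores.
$stray = Join-Path (Split-Path -Parent $hostsPath) 'hosts.txt'
if (Test-Path -LiteralPath $stray) { Write-Warning "Stray copy found at $stray (not used for name resolution)" }

# Flush cached lookups, then confirm both names now resolve to loopback.
ipconfig /flushdns | Out-Null
foreach ($d in $domains) {
    try {
        $addrs  = [System.Net.Dns]::GetHostAddresses($d)
        $loopOk = @($addrs | Where-Object { -not [System.Net.IPAddress]::IsLoopback($_) }).Count -eq 0
    } catch { $loopOk = $false }                              # unresolved means the entry is not active
    '{0,-26} {1}' -f $d, $(if ($loopOk) { 'blocked (loopback)' } else { 'NOT blocked' })
}
```

Running it a second time changes nothing in the hosts file and only repeats the verification.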
2. Operating Mechanism of Cryptocurrency Mining Malware on Facebook Messenger
In this section, let's delve into the workings of the malware currently rampant on Facebook.
First, as you may already know, this malware sends 1 compressed Zip file named video_xxxx, where xxxx is 4 random digits. If you receive such a message, be cautious. According to experts, this type of malware is written in the AutoIt language, with functions that make it challenging to analyze and understand its features.
Essentially, the cryptocurrency mining malware automatically sends information about the infected machine to an address called ojoku, the same address we blocked in the previous section to stop the malware on Facebook from mining virtual currency.
Afterwards, it downloads and installs a browser extension whose function is to spread the malware to other users through a compressed ZIP file. It becomes more dangerous when it rewrites the Chrome shortcut files on the desktop, taskbar, or program items so that they load the extension.
Finally, it automatically restarts Chrome to run the extension and activates another piece of malware called 'coin miner', which is used to mine various cryptocurrencies and leaves your machine constantly lagging with CPU usage at 99%.
With this Mytour article, we hope to help our readers block the malware on Facebook that mines virtual currency and, more importantly, never fall victim to the types of malware mentioned. Protect your account by avoiding clicking on any unfamiliar links; this is the most effective defense on both Facebook and Facebook Messenger.
Additionally, when Facebook is infected with a virus, the steps to clean your account and stop sending spam messages to friends on your list are explained in the solutions for fixing a virus-infected Facebook shared by Mytour.
Also, don't forget to enable two-factor authentication for Facebook. This is another method to help you mitigate the risk of losing your Facebook account without knowing how to recover it. Enabling two-factor authentication for Facebook will prevent unauthorized access and password changes by other parties.
