
Tuesday, 20 February 2018

Facebook bans cryptocurrency, ICO ads to ensure greater user security



  1. Facebook has banned advertisements related to cryptocurrency, binary options and initial coin offerings (ICOs), calling them misleading.
  2. Rob Leathern, FB's product management director, announced the decision through a blog post on Wednesday.
  3. The move is part of the social media giant's new policy to "improve the integrity and security" of its financial product and services ads.



Why?
No place on Facebook for scammers, deceptive ads

In his blog post Leathern says the new ad policy "prohibits ads that promote financial products and services that are frequently associated with misleading or deceptive promotional practices, such as binary options, ICOs and cryptocurrency."

He goes on to say that FB wants its users to continue to learn about new products and services through its ads "without fear of scams or deception."


Users can report fraudulent ads-

Ads that are not in sync with the company's new policy are now banned on Facebook's core app and all other places (such as Instagram and Audience Network) where FB sells ads. Users can report ads they feel are deceptive by clicking on the ad's upper right-hand corner.


Details-

Facebook to further work on new ad policy

The growing popularity of ICOs and cryptocurrencies like Bitcoin, Litecoin and Ethereum has led to several fraudulent practices, forcing FB to make its latest move.

Since the new policy is "intentionally broad", Facebook plans to revisit it as it gets better at detecting and removing misleading ads.

The tech major has also urged users to report all content they find in violation of its norms.




Details-

Facebook allows certain sensitive financial ads but with restrictions

Interestingly, Facebook allows ads for certain controversial financial products/services albeit with some restrictions.

For instance, it demands a "written permission" for any sort of gambling or gaming service that involves real money.

Moreover, "deceptive/misleading" student loan ads can't feature on its platform.

FB also makes it mandatory for advertisers of such services to target only those users older than 18 years.





Conflict of interest

Some FB board members are prominent crypto backers-
Meanwhile, it is yet to be seen how this new FB policy is received by the tech giant's board of directors, some of whom are known crypto backers. Marc Andreessen and Peter Thiel are two such members with major investments in cryptocurrency.

Furthermore, FB Messenger chief David Marcus is a board member at Coinbase, a popular crypto exchange.

Thursday, 15 February 2018

Hackers are using your Facebook Messenger to mine Bitcoin alternative.

A new malware has been found that is secretly using your Facebook Messenger to mine digital currency. The new cryptocurrency-mining bot, named "Digmine", that was first observed in South Korea, is spreading fast through Facebook Messenger across the world, Tokyo-headquartered cybersecurity major Trend Micro has warned.

"We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker it was referred to in a report of recent related incidents in South Korea," Lenart Bermejo and Hsiao-Yu Shih of Trend Micro said in a blog post.

"We’ve also seen Digmine spreading in other regions such as Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. It’s not far-off for Digmine to reach other countries given the way it propagates," they added.

Facebook Messenger works across different platforms but "Digmine" only affects the Messenger's desktop or web browser (Chrome) version. If the file is opened on other platforms, the malware will not work as intended, Trend Micro said in a blogpost.

"Digmine" is coded in AutoIt and is sent to would-be victims as what appears to be a video file but is actually an AutoIt executable script. If the user's Facebook account is set to log in automatically, "Digmine" will manipulate Facebook Messenger in order to send a link to the file to the account's friends.

The abuse of Facebook is limited to propagation for now, but it wouldn't be implausible for attackers to hijack the Facebook account itself down the line. This functionality's code is pushed from the command-and-control (C&C) server, which means it can be updated.

A known modus operandi of cryptocurrency-mining botnets, and particularly of "Digmine" (which mines Monero), is to stay in the victim's system for as long as possible. It also wants to infect as many machines as possible, as this translates to an increased hash rate and potentially more cybercriminal income, the blogpost stated.

The malware will also perform other routines, such as installing a registry autostart mechanism as well as a system infection marker. It will search for and launch Chrome, then load a malicious browser extension that it retrieves from the C&C server.

If Chrome is already running, the malware will terminate and relaunch Chrome to ensure the extension is loaded. While extensions can only be loaded and hosted from the Chrome Web Store, the attackers bypassed this by launching Chrome via command line.
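A detection example for the relaunch behaviour described above, added here and not taken from Trend Micro or the original post: it scans process events for Chrome started with `--load-extension` (Chrome's command-line switch for loading an unpacked extension; the post itself only says "via command line") and records context that raises suspicion. The event tuples, paths, path heuristics and the 10-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events: (time, kind, image, parent image, command line).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EVENTS = [
    ("2024-01-01T10:00:01", "create", CHROME, r"C:\Windows\explorer.exe",
     r'"chrome.exe" https://example.com'),
    ("2024-01-01T10:05:10", "terminate", CHROME, "", ""),
    ("2024-01-01T10:05:12", "create", CHROME,
     r"C:\Users\alice\AppData\Roaming\sample\loader.exe",
     r'"chrome.exe" --load-extension="C:\Users\alice\AppData\Roaming\sample\ext"'),
    ("2024-01-01T11:00:00", "create", CHROME, r"C:\Windows\System32\cmd.exe",
     r"chrome.exe --load-extension=D:\dev\my-extension"),
]

# Quoted or unquoted value of the switch.
FLAG = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.I)
# Assumed heuristic: directories a non-admin process can usually write to.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.I)

def find_suspicious_launches(events, window_s=10):
    """Return every Chrome launch using --load-extension, with risk reasons."""
    findings, last_kill = [], None
    for ts, kind, image, parent, cmdline in events:
        if not image.lower().endswith("\\chrome.exe"):
            continue
        when = datetime.fromisoformat(ts)
        if kind == "terminate":
            last_kill = when          # remember the most recent Chrome exit
            continue
        match = FLAG.search(cmdline)
        if not match:
            continue
        ext_dir = match.group(1) or match.group(2)
        reasons = []
        if USER_WRITABLE.search(ext_dir):
            reasons.append("extension dir is user-writable")
        if USER_WRITABLE.search(parent):
            reasons.append("parent runs from user-writable dir")
        if last_kill and when - last_kill <= timedelta(seconds=window_s):
            reasons.append("chrome terminated just before relaunch")
        findings.append({"time": ts, "parent": parent,
                         "ext_dir": ext_dir, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_launches(EVENTS):
        print(finding["time"], finding["ext_dir"], finding["reasons"])
```

A launch with no reasons attached (the developer-style entry in the sample) is still listed so it can be reviewed, while one that carries all three matches the kill-and-relaunch pattern the post describes.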

Trend Micro researchers also suggest ways to avoid these types of threats, including following best practices on securing social media accounts: think before you share, be aware of suspicious and unsolicited messages, and enable your account’s privacy settings.

(written with inputs from IANS)

Wednesday, 14 February 2018

60 million Android users hit by cryptocurrency miner malware.

A malvertising campaign is targeting Android users and forcing their smartphones to mine the Monero (XMR) cryptocurrency for as long as it can keep them active on shady websites.
60 million Android users have already been hit.
The good news is that it can be avoided easily.
The bad news, however, is that if you're affected, it might damage your phone permanently.

Details-
Exact names of malicious websites not known yet
California-based security firm Malwarebytes Labs discovered the campaign and said that the attack is an example of "drive-by mining" where a device is exploited to mine cryptocurrency only for a short period of time.

Malwarebytes, however, couldn't pinpoint the exact sites through which attacks are being carried out but, judging by the number of affected users, some of them must be popular.


Infected free apps could also be contributing to spreading infection

Malwarebytes' blog post about the scheme revealed that by targeting mobile users, the attackers have a great advantage since most mobile users don't use anti-virus suites. Apart from shady websites, the post said infected free apps in the Android ecosystem could also be contributors.


Risk
What risk your phone faces from the cryptocurrency-miner.
The attack might seem relatively harmless since it exploits your phone for a short while and leaves no traces.

However, cryptocurrency mining is a very heavy-duty operation even for gaming computers. For an Android phone, it might be a death sentence.

Monero mining uses 100% of CPU capacity indefinitely, which might cause the phone's chips to melt due to overheating in extreme cases.

Prevention
Not possible to avoid the attack without an anti-virus suite
The malvertising is likely to be on shady pop-up websites or adverts, and the best way to protect yourself from it is to install an anti-virus suite on your phone.

Malwarebytes recommends its own app, but others like Norton, Avast etc. also work.

An anti-virus suite apart, however, it's not quite possible to "avoid" the attack, owing to the insidious nature of malvertising.