Alert! Do not click an .svg image file delivered to your Facebook Messenger, because it may lock down your system completely.
According to recent reports, hackers are using the Facebook platform to spread malware, including a notorious strain of ransomware called Locky, in the form of an innocent-looking SVG image file to infect computers.
The spam campaign, highlighted in a blog post by security researcher Bart Blaze on 20 November, used the Facebook Messenger feature to spread a malware downloader called Nemucod hidden in a file with an .svg extension. It was reportedly able to easily bypass Facebook’s spam filters.
Upon analysis, the researcher found that, if clicked, the extension would give the spammer the ability to “read and change all your data on the websites you visit.”
Additionally, a separate researcher, Peter Kruse, also encountered the bug and said it was spreading Locky as the payload.
— peterkruse (@peterkruse) November 20, 2016
What happens when you click this file? If clicked, the malicious image file would redirect you to a website mimicking YouTube, but with a completely different URL. The site would then ask you to download and install a certain codec extension in Google Chrome in order to view the video. The malicious extension used two names, Ubo and One.
Once installed, the extension gives the attackers the ability to alter your data on the websites you visit, and also takes advantage of the browser’s access to your Facebook account to secretly message all your Facebook friends with the same SVG image file.
Moreover, ransomware like Locky will also be deployed on the victim’s computer, where it will lock down sensitive files and demand a financial fee for their return, usually in the form of the Bitcoin cryptocurrency.
How to be safe? “As always, be wary when someone sends you just an ‘image’ – especially when it is not how he or she would usually behave,” Blaze said. He added: “Even though both Facebook and Google have excellent security controls/measures in place, something bad can always happen.”
“Remove the malicious extension from your browser immediately. Additionally, run a scan with your antivirus and notify your friends [if] you sent a malicious file.”