Spammers Are Using Facebook Messenger To Spread The Notorious Locky Ransomware

Alert! Do not click any .svg image file delivered to you over Facebook Messenger, because it may lock down your system completely.

According to recent reports, hackers are using the Facebook platform to spread malware, including a notorious strain of ransomware called Locky, in the form of an innocent-looking SVG image file that infects computers.

The spam campaign, highlighted in a blog post by security researcher Bart Blaze on 20 November, was using the Facebook Messenger feature to spread a malware downloader called Nemucod hidden in a file with an .svg extension. It was reportedly able to easily bypass Facebook’s spam filters.

According to Blaze, Scalable Vector Graphics (SVG) files can embed any content you want (such as JavaScript), and any modern browser will be able to open them, which made them the hackers' choice for spreading the malware.

Upon analysis, the researcher found that, if clicked, the extension would give the spammer the ability to “read and change all your data on the websites you visit.”

Additionally, a separate researcher, Peter Kruse, also encountered the bug and said it was spreading Locky as the payload.

What happens when you click this file? If clicked, the malicious image file would redirect you to a website mimicking YouTube, but with a completely different URL. The site would then ask you to download and install a certain codec extension in Google Chrome in order to view the video. The malicious extension used two names, Ubo and One.

Once installed, the extension gives the attackers the ability to alter your data on the websites you visit, and takes advantage of the browser’s access to your Facebook account to secretly message all your Facebook friends with the same SVG image file.

Moreover, ransomware like Locky will also be deployed on the victim’s computer, where it will lock down sensitive files and demand a financial fee for their return, usually in the form of the Bitcoin cryptocurrency.

Locky, a relatively new form of ransomware, was discovered in the wild by Palo Alto Networks on 16 February this year. Initially, it spread via Microsoft Word macros; however, experts found it quickly evolved into using JavaScript-based attachments to circulate.

How to be safe? “As always, be wary when someone sends you just an ‘image’ – especially when it is not how he or she would usually behave,” Blaze said. He added: “Even though both Facebook and Google have excellent security controls/measures in place, something bad can always happen.

“Remove the malicious extension from your browser immediately. Additionally, run a scan with your antivirus and notify your friends [if] you sent a malicious file.”
