
Alert! Do not click an .svg image file delivered to your Facebook Messenger, because it may lock down your system completely.
According to recent reports, hackers are using the Facebook platform to spread malware, including a notorious strain of ransomware called Locky, in the form of an innocent-looking SVG image file that infects computers.
The spam campaign, highlighted in a blog post by security researcher Bart Blaze on 20 November, used the Facebook Messenger feature to spread a malware downloader called Nemucod hidden in a file with the .svg extension. It was reportedly able to bypass Facebook's spam filters with ease.
According to Blaze, the ability of Scalable Vector Graphics (SVG) files to embed any content you want, such as JavaScript, which any modern browser will open and render, made them the hackers' choice for spreading the malware.
Upon analysis, the researcher found that, if clicked, the extension would give the spammer the ability to "read and change all your data on the websites you visit."
Additionally, a separate researcher, Peter Kruse, also encountered the same campaign and said it was spreading Locky as the payload.
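As an added defender-side example (not code from the article or from Blaze's post), the following Python scans an SVG document for the kind of active content described above: script elements, event-handler attributes and script URLs in links. Both SVG documents are constructed samples, not the file from the campaign.

```python
import re
import xml.etree.ElementTree as ET
from typing import List

# Constructed samples (not the real attachment): a plain drawing, and an SVG
# carrying the kind of active content that turns an "image" into a page that
# can redirect the viewer.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="go()">'
    b'<script>window.location="http://example.invalid/";</script>'
    b'<a href="javascript:void(0)"><text>play</text></a></svg>'
)

# Attribute values that make a browser run code or load inline data
SCRIPT_URL = re.compile(r"\s*(javascript|data)\s*:", re.IGNORECASE)


def svg_active_content(data: bytes) -> List[str]:
    """Return findings describing active content in an SVG document.

    An empty list means no script element, event handler or script URL was
    found. A file that does not parse as XML is reported as a finding too,
    since something accepted as an "image" that is not well-formed deserves
    a closer look rather than a pass.
    """
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable: {exc}"]
    for elem in root.iter():
        # Strip the namespace so {http://www.w3.org/2000/svg}script -> script
        tag = elem.tag.split("}")[-1].lower()
        if tag in ("script", "foreignobject"):
            findings.append(f"<{tag}> element")
        for name, value in elem.attrib.items():
            local = name.split("}")[-1].lower()
            if local.startswith("on"):
                findings.append(f"event handler {local} on <{tag}>")
            # Covers both href and xlink:href, which share the local name
            if local == "href" and SCRIPT_URL.match(value):
                findings.append(f"script/data URL in href on <{tag}>")
    return findings


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("active", ACTIVE_SVG)):
        print(label, svg_active_content(doc) or "clean")
```

A mail or chat gateway can apply the same check and quarantine any SVG that returns findings, since a genuine image needs none of these features.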
Confirmed! #Locky spreading on #Facebook through #Nemucod camouflaged as .svg file. Bypasses FB file whitelist. https://t.co/WYRE6BlXIF pic.twitter.com/jgKs29zcaG
— peterkruse (@peterkruse) November 20, 2016
What happens when you click this file? If clicked, the malicious image file redirects you to a website mimicking YouTube, but with a completely different URL. The site then asks you to download and install a certain codec extension in Google Chrome in order to view the video. The malicious extension used two names, Ubo and One.
Once installed, the extension gives the attackers the ability to alter your data on the websites you visit, and it also takes advantage of the browser's access to your Facebook account in order to secretly message all your Facebook friends with the same SVG image file.
Moreover, ransomware such as Locky will also be deployed on the victim's computer, where it locks down sensitive files and demands a payment for their return, usually in the form of the Bitcoin cryptocurrency.
Locky, a relatively new form of ransomware, was discovered in the wild by Palo Alto Networks on 16 February this year. Initially it spread via Microsoft Word macros; however, experts found it quickly evolved to circulate via JavaScript-based attachments.
How to stay safe? "As always, be wary when someone sends you just an 'image' – especially when it is not how he or she would usually behave," Blaze said. He added: "Even though both Facebook and Google have excellent security controls/measures in place, something bad can always happen."
“Remove the malicious extension from your browser immediately. Additionally, run a scan with your antivirus and notify your friends [if] you sent a malicious file.”