Facebook Ransomware

Security Alert: Ransomware attacks via Facebook Messenger using Google Chrome extensions

Ransomware is a new threat to Facebook and Google Chrome users. Cybercriminals are sending SVG (Scalable Vector Graphics) images to their victims via Facebook Messenger. The message appears to have been sent by a Facebook friend, which can fool many users.

Why SVG files?

Attackers favor SVG files for spreading malware because an SVG file can contain embedded JavaScript code, which modern browsers then run. In this attack, the malicious JavaScript is embedded in the SVG file itself.
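A defender-side check for the behaviour described above, added here as an example and not part of the original article: it parses an SVG attachment and reports the places where script can run (script and foreignObject elements, on* event-handler attributes, javascript: links). The function name, finding strings and sample files are constructed for illustration.

```python
import xml.parsers.expat

# Elements that carry or host executable content in an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignobject"}

class _EntityDeclared(Exception):
    """Raised to stop parsing before any DTD entity is expanded."""

def find_active_content(svg_bytes):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    def on_start(name, attrs):
        tag = name.rsplit(" ", 1)[-1]  # drop the namespace URI
        if tag.lower() in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in attrs.items():
            local = attr.rsplit(" ", 1)[-1].lower()
            # Strip whitespace/control characters used to disguise the scheme.
            compact = "".join(c for c in value if c > " ").lower()
            if local.startswith("on"):
                findings.append(f"event handler {local} on <{tag}>")
            elif local == "href" and compact.startswith("javascript:"):
                findings.append(f"javascript: URL on <{tag}>")

    def on_entity(*_args):
        raise _EntityDeclared()
    parser.StartElementHandler = on_start
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(svg_bytes, True)
    except _EntityDeclared:
        findings.append("DTD entity declaration (parsing stopped)")
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings

# Constructed samples for illustration (not taken from any real campaign).
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPTED_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
    b'<script type="text/javascript">/* placeholder */</script>'
    b'<a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="JavaScript:void(0)">'
    b'<circle r="4"/></a></svg>'
)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SVG), ("scripted", SCRIPTED_SVG)):
        print(label, find_active_content(sample))
```

A mail or chat gateway could quarantine any SVG for which the list is non-empty; ordinary image SVGs need none of these constructs.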

How does it work?

This attack uses a Nemucod downloader, which is sent via Facebook Messenger as an SVG file.

What happens if Facebook users click the image?

You will be redirected via a fake YouTube URL. A popup will appear asking you to install a codec, which is actually an extension for Google Chrome. By downloading and installing this extension, you give the attackers access to your computer or device, and they can take control of the whole network.

Sometimes, the malicious Chrome extension installs Nemucod, which eventually delivers Locky ransomware. An executable is downloaded from a remote server and then installed on your computer. Locky ransomware can encrypt any files on your computer, device, and network.

How can you defend your business from this threat?

What should system administrators, C-level executives, and other information security personnel do to protect their data?

Locky Ransomware can be a serious threat to your business as it encrypts all of your backup files. It is important to inform your employees about this crypto virus and to teach them how to prevent getting infected.

Your employees should think twice about clicking on SVG files. Also, teach them how to delete Google Chrome extensions from their browsers if they click on a malicious file.

Very recently, it was reported that a piece of malware spreading on Facebook exploited an image file to install malware. A security company has found a similar trick that exploits images to install Locky ransomware.

Dubbed ‘ImageGate’ by Check Point Software Technologies, the malware is reportedly able to embed malicious code into an image file and then upload it directly onto Facebook. Researchers Roman Ziakin and Dikla Barda said that the attackers used a social media misconfiguration to force victims to download the image file. “This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.”

The researchers sent a JPG file via Facebook Messenger to demonstrate how the malware works. After the attachment has been clicked, it will open a Windows save prompt and download a .hta file.

Double-clicking the downloaded file will apparently unleash the Locky ransomware. This will encrypt many files on the victim’s computer. To free their computer from infection, they will need to pay ransom money. Prices may vary.

Given the number of Facebook users, it is not surprising that cybercriminals are targeting websites like Facebook. According to researchers, cybercriminals know that these sites are often ‘whitelisted’ and are constantly looking for new ways to use social media to host their malicious activities.

We reached out to Facebook and will update this article if we receive more information.

These are just a few of the reasons why it is important to be cautious about what you click on the internet, even if it appears to be coming from someone you trust. Notifying others about potential malware attacks is a great way to keep yourself and your family safe online.