Hackers, now using Facebook Messenger to deliver Ransomware

Malware, Ransomware, Threat

So, the new means to deliver “Locky” Ransomeware is on the way.

You heard it right, spammers nowadays are using Facebook’s messaging feature to spread malware that also include an infamous breed of ransomware called Locky to the users on world largest social networking site.

The spam campaign was uncovered by Security Researcher Bart Blaze.

The spammer used SVG file to spread the malware downloader called Nemucod to the users.

SVG – Scalable Vector Graphics, has the ability to embed JavaScript that can be run through most of the modern browser today.
Unsuspecting user when opens the SVG file it redirects toward a fake website that represents itself to be Youtube. The user, then is instantly prompted to install an additional extension to view a ‘video’.

Once the extension is downloaded, it gives spammer the ability to read and change all user data on the website user visited.

Additionally, a separate security researcher, Peter Kruse, also encountered the bug and said the SVG file containing Nemucod downloader, in some case downloads Locky Ransomeware Paylod.

Ransomware like Locky, once installed on a victim’s computer, will lock down sensitive files and demand a fee, in other word, a ransom to decrypt the data

How can we fight against this? Security experts suggest to remove the malicious extension from your browser immediately.
It is also recommended to run Anti-Virus or Anti-Malware scan your system to become double sure that your personal information is safe.
Additionally, notify your friends you sent a malicious file, it may help others from getting infected.

Danger Level? Fraser Kyne, a chief technology officer at security firm Bromium, said: “People are far more likely to click on a link or download something if it looks like it came from a friend.”
He also added “Given that so many users check their Facebook at work, there’s a big risk of this attack bleeding through into the enterprise.”