Cyber criminals are using Facebook Messenger to spread Locky ransomware via images.
Researcher Bart Blaze discovered the attack, which uses an .SVG image file to deliver the malware. SVG images are being used because they can contain embedded content and can be opened in browsers.
Clicking on the image redirects the victim to a fake YouTube site. Once there, the site prompts users to download and install a codec extension in Google Chrome in order to view the video.
The SVG image contains a Nemucod downloader which in some cases carries the Locky ransomware. However, Google and Facebook have been made aware of the scam.
If the victim installed the extension, it will show as two names, Ubo and One. To remove the extension, go to Menu → More Tools → Extensions, find the extension and remove it.
However, if you become the victim of ransomware, your only choice is to use a backup of your files, otherwise you are screwed.
Researchers advise: "As always, be wary when someone sends you just an 'image' – especially when it is not how he or she would usually behave."
Source: The Hacker News