Malicious Image files on Facebook spreading Locky Ransomware


Security researchers have discovered ransomware being spread by exploiting weaknesses in social networking sites including Facebook and LinkedIn. The malware is being spread through Scalable Vector Graphics (.SVG) files on Facebook Messenger. SVG is an XML-based file format, so it can embed content such as JavaScript. This is how the malicious file manages to bypass Facebook's file extension filter. The malware being distributed is the Locky ransomware.

In the case of the Locky ransomware, all files on the affected computer are encrypted until a ransom is paid.

When the file is opened, the user is prompted to install a browser extension. This extension fetches the Nemucod downloader, which in turn delivers the Locky malware that encrypts the files.

Users should never download attachments from people they don't know, or open attachments with unusual file extensions such as .svg, .js or .hta. If such an attachment has already been downloaded, do not open it.
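The property the article relies on, that an SVG is XML and can therefore carry JavaScript, is also what a defender can check for. The following is an added example (not code from the article or from any of the products it mentions) that parses an SVG with the Python standard library and flags active content: script elements, event-handler attributes, javascript: links and foreignObject. The sample SVG inputs are constructed placeholders, not real malware.

```python
# Added example: flag "active content" inside an SVG file before it is opened or
# accepted by an upload filter. Standard library only; samples are constructed.
import xml.etree.ElementTree as ET

EVENT_PREFIX = "on"  # onload, onclick, ... event-handler attributes


def local_name(tag: str) -> str:
    """Strip the namespace from an ElementTree tag ('{ns}script' -> 'script')."""
    return tag.rsplit("}", 1)[-1].lower()


def find_active_content(svg_bytes: bytes) -> list:
    """Return a list of (element, reason) findings; an empty list means none seen."""
    findings = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        # A file that is not well-formed XML cannot be vetted; report it as a finding.
        return [("document", f"unparseable XML: {exc}")]
    for elem in root.iter():
        name = local_name(elem.tag)
        if name == "script":
            findings.append((name, "embedded <script> element"))
        if name == "foreignobject":
            findings.append((name, "<foreignObject> can embed arbitrary HTML"))
        for attr, value in elem.attrib.items():
            aname = local_name(attr)  # handles xlink:href -> href
            if aname.startswith(EVENT_PREFIX):
                findings.append((name, f"event-handler attribute {aname}"))
            if aname == "href" and value.strip().lower().startswith("javascript:"):
                findings.append((name, "javascript: URL in href"))
    return findings


def is_safe_svg(svg_bytes: bytes) -> bool:
    """True when the SVG carries no active content (an extension filter alone cannot tell)."""
    return not find_active_content(svg_bytes)


# Constructed samples (placeholders, not real payloads): a plain icon and one with script.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="/* placeholder */">'
              b'<script>/* placeholder */</script></svg>')

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_SVG), ("active", ACTIVE_SVG)):
        print(label, find_active_content(data))
```

An upload filter that only looks at the extension accepts both samples; this check separates them by content.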

Video Demonstration of the Attack

