Hackers Using Facebook Messenger To Spread Nemucod Downloader and Locky Ransomware

SVG file spreading Locky Ransomware

If you come across any Facebook message containing an image file in the .SVG format sent by one of your FB friends, do not click it. An ongoing Facebook spam campaign is spreading a malware downloader among FB users by using a legitimate-looking SVG image file to infect their systems.

If clicked, intentionally or accidentally, the file will eventually infect your computer with the Nemucod Downloader Trojan and Locky Ransomware (the new variant, the .aesir file virus), one of the favourite tools among cyber criminals because of its infection capabilities. Discovered by security analyst Bart Blaze, the attack campaign uses Facebook Messenger to spread a malware downloader named Nemucod, which takes the form of an .SVG image file.

Why do the spammers use .SVG files to spread malware?

Cyber crooks chose SVG (Scalable Vector Graphics) files for distributing the malware downloader because an SVG image file can contain embedded content, such as JavaScript, and it opens in any modern web browser. The spammers placed their malicious code right inside the image file; it was actually a redirect link to an external file. If clicked, the harmful image file reroutes you to a website that looks like YouTube, but whose URL is completely different.
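Because an SVG is XML, a defender can check incoming "images" for the active content this campaign relied on before they ever reach a browser. The following scanner is an added example, not code from the article or from the researchers it cites; it flags script elements, on* event-handler attributes and external links in an SVG, and the sample file it checks is constructed (script body and URL are placeholders).

```python
"""Flag SVG files carrying active content: <script>, on* handlers, external hrefs."""
import xml.etree.ElementTree as ET


def _local(name: str) -> str:
    """Strip an XML namespace prefix such as '{http://www.w3.org/2000/svg}'."""
    return name.rsplit("}", 1)[-1]


def scan_svg(data: bytes) -> dict:
    """Return findings for an SVG document; unparsable input is itself a finding."""
    findings = {"scripts": 0, "event_handlers": [], "external_refs": []}
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        findings["parse_error"] = True
        return findings
    for el in root.iter():
        if _local(el.tag).lower() == "script":
            findings["scripts"] += 1
        for attr, value in el.attrib.items():
            a = _local(attr).lower()
            if a.startswith("on"):  # onload=, onclick=, ... run JavaScript
                findings["event_handlers"].append(a)
            # href / xlink:href pointing off-host: the "YouTube" redirect trick
            if a == "href" and value.lower().startswith(("http://", "https://", "//")):
                findings["external_refs"].append(value)
    return findings


def is_suspicious(findings: dict) -> bool:
    """Any active content or a parse failure means the file should not be opened."""
    return bool(findings["scripts"] or findings["event_handlers"]
                or findings["external_refs"] or findings.get("parse_error"))


# Constructed sample modelled on the campaign: an "image" whose only purpose is
# to run script and send the viewer elsewhere. Script body is a placeholder.
SAMPLE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
  xmlns:xlink="http://www.w3.org/1999/xlink" width="200" height="200" onload="init()">
  <script type="text/javascript">/* placeholder: script body omitted */</script>
  <a xlink:href="https://video-example.invalid/watch"><rect width="200" height="200"/></a>
</svg>"""

CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="10"/></svg>'

if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_SVG), ("clean", CLEAN_SVG)):
        f = scan_svg(doc)
        print(label, "SUSPICIOUS" if is_suspicious(f) else "ok", f)
```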

SVG spreading Locky Ransomware

In the typical way malware is distributed, the domain pushes a pop-up asking you to download and install a codec extension in the Chrome browser to view the video. The malicious Google Chrome browser extension used two names, One and Ubo. Once installed, the browser extension gives the hackers the ability to change your data regarding the websites you visit, and it abuses the browser's access to your FB account to secretly message all your FB friends with the same SVG image file.

Another malware researcher, Peter Kruse, a colleague of Bart Blaze, reported that the SVG file contains the Nemucod Downloader, which in some cases ultimately downloads a copy of the highly hazardous Locky Ransomware onto the victim's computer. Locky is one of the most widespread ransomware threats; it locks all the files on the victim's PC using the RSA-2048 and AES-256 encryption algorithms and demands ransom money for the decryption tool needed to recover the files.

How To Eliminate the Malicious Browser Extension?

Google has already deleted the malicious extensions from the Chrome store, and Facebook will hopefully soon block them entirely. If you are one of the victims who was tricked into installing one of the two nasty browser extensions, you can remove it from your computer immediately. To remove the offending browser extension, go to the Menu, select More Tools >> Extensions, look for the noxious extension and delete it. However, if you have been unlucky and ended up with the Locky Ransomware, then the one and only easy way to recover your files is from a backup copy. If you don't have one, you're screwed.
