Hardly a few days pass without a resurgence of malware on Facebook. One way or another, the malware ends up posting either on our own Facebook walls or on our friends' pages. Recently, a new wave of malware has been discovered spreading on the platform. It disguises itself as plain image files in order to spread.
According to a security researcher, this malware takes the form of an SVG image file. These images are sent from compromised Facebook accounts. SVG files can include embedded content such as JavaScript and can be opened in any modern browser. When the image is clicked and opened, it redirects the user to a website that appears to be YouTube.
The malicious content does not necessarily appear as soon as the user reaches the website. To view the content, the user is urged to download a specific codec extension in Google Chrome. As soon as the user installs that extension, it enables the malware to change the user's data regarding the websites they visit. The extension also compromises the user's account, spreading the software further on Facebook. Things became worse in some cases, where the image file contained the Nemucod downloader, which then downloaded a copy of Locky ransomware.
It is still unclear how the SVG files bypassed Facebook's file extension filters. The malicious Chrome extension was reported to the Facebook security team and has since been removed. Such malware is very common on the internet; anything we click may lead us to websites that could take away our data very easily.
For Facebook, attempts by cyber criminals to spread malware on the platform are nothing unexpected. Facebook is the leading platform and is used by an immense number of people, so it remains under threat of such attacks all the time. It is always better to take security measures to protect yourself and others from such attempts.
Update: Facebook recently approached Neowin to discuss the issue. The company carried out its own investigation and stated that the malware was not found to be connected with Locky or other kinds of ransomware. The malware only has the capacity to spread through the platform. According to the statement:
“Facebook contains numerous automated systems to stop destructive links and files appearing on its platform. Upon investigation it was determined that these were associated with Chrome extensions instead of installing Locky malware. The bad browser extensions have been reported to the appropriate authorities and such links have already been blocked from the platform.”
Confirmed! #Locky spreading on #Facebook through #Nemucod camouflaged as .svg file. Bypasses FB file whitelist. https://t.co/WYRE6BlXIF pic.twitter.com/jgKs29zcaG
— peterkruse (@peterkruse) November 20, 2016
The malware has affected only a few users. Facebook is now going to notify users if any kind of suspicious activity is detected on their account. The company is working on improving its systems so that users can safely use Facebook without any threat to their data and identity.
Via: NeoWin