A new infection vector for ransomware: malicious SVG images via Facebook Messenger
The campaign spreads the Nemucod downloader
If you receive a Facebook message carrying an .SVG image file, do not click it: a malicious campaign is spreading a ransomware downloader (Nemucod) among Facebook users by taking advantage of innocent-looking SVG image files to infect computers.
On his blog, Bart Blaze writes:
Earlier today, a friend of mine notified me of something strange going on with his Facebook account; a message containing only an image (an .svg file in reality) had been sent automatically, effectively bypassing Facebook’s file extension filter.
Why an SVG file?
Scalable Vector Graphics (SVG) is an XML-based vector image format for two-dimensional graphics with support for interactivity and animation.
In fact, the content of the ‘photo’ (here is the analysis of a sample) is the following:
If the victim installs the Chrome extension, the attack is spread further via Facebook Messenger to all user contacts.
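The property the campaign abuses is that an SVG "image" can carry script, event handlers and links. The following is an added example, not code from the original post or from Bart Blaze: a defender-side check that flags those constructs in an SVG file before anyone opens it. It uses only the Python standard library, and both SVG samples are constructed for the demo rather than taken from the campaign.

```python
import xml.etree.ElementTree as ET

# SVG elements that can run code or pull in foreign content; a plain picture needs none.
SCRIPT_TAGS = {"script", "handler", "foreignObject", "iframe", "embed", "object"}
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"


def _local(name):
    """Strip the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]


def scan_svg(data):
    """Return findings explaining why the SVG bytes look executable; [] means clean.

    Parse errors come back as a finding rather than an exception: a malformed
    "image" still deserves a look."""
    # For untrusted input, defusedxml.ElementTree also blocks entity-expansion
    # attacks; the standard-library parser is used here to stay dependency-free.
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"parse error: {exc}"]

    findings = []
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag in SCRIPT_TAGS:
            findings.append(f"<{tag}> element present")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            scheme = value.strip().split(":", 1)[0].lower()
            if name.startswith("on"):  # onload=, onclick=, ... all run script
                findings.append(f"event handler {name}= on <{tag}>")
            elif attr in ("href", XLINK_HREF) and scheme == "javascript":
                findings.append(f"javascript: URI in {name} on <{tag}>")
            elif attr in ("href", XLINK_HREF) and tag == "a" and scheme in ("http", "https"):
                findings.append(f"external link on <{tag}>: {value}")
    return findings


# Constructed samples (not the campaign's file): a harmless icon, and an SVG whose
# "picture" is a script that sends the browser to another site.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""
REDIRECT_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script type="text/javascript">window.top.location = "https://example.invalid/";</script>
  <a xlink:href="https://example.invalid/"><rect width="1" height="1" onclick="go()"/></a>
</svg>"""
```

Run `scan_svg()` over any .svg attachment before opening it; the benign sample yields no findings, while the redirecting one reports the script element, the external link and the click handler.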
I opened the link and installed the extension, how can I fix it?
From Bart Blaze’s post:
Remove the malicious extension from your browser immediately:
Additionally, run a scan with your antivirus and change your Facebook password afterwards.
Notify your friends you sent a malicious file, or in the other case, let your friend know he/she is infected. If you keep receiving the same message from your friend, you may want to temporarily block their messages.