



Date: 24/11/16
Bart Blaze, a security researcher, has discovered a new strain of malware that takes the form of .SVG image files, which are being automatically sent from compromised accounts of Facebook users.
Unlike other common file types, .SVG image files can contain embedded content such as JavaScript, and they can be opened in a modern browser. In this particular case, the script in the image redirects users to a site posing as YouTube, which says that in order to view the video the user must install a certain codec extension in Google Chrome, a very typical modus operandi of malware creators.
Once installed, the Chrome extension in question is able to make changes to the user's data on the websites they visit, which is the mechanism that sends the message with the SVG file to other users. The extension also spreads the malware further on Facebook, compromising the victim's account, according to Blaze.
However, Peter Kruse, a colleague of Blaze and eCrime specialist, further noted that the SVG file does not always redirect users to the malicious Chrome extension. In another case, for instance, the image file contained the Nemucod downloader, which then downloaded a copy of Locky ransomware onto the victim's machine.
While it is unknown how the SVG files managed to bypass Facebook's file extension filter, Facebook's security team has reportedly been notified of the exploit, and will hopefully soon block it completely. The malicious Chrome extension has also been removed by Google from its Chrome Store.
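Because an SVG is an XML document that can carry script, a check on the file extension alone cannot tell a static image from an active one. The following is an added example, not code from the article, the researchers or Facebook: a content-based upload check whose function name, element and scheme lists, and sample files are all illustrative assumptions.

```python
"""Flag active content in an uploaded SVG (added example; names are illustrative)."""
import xml.parsers.expat

ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
BAD_SCHEMES = ("javascript:", "data:text/html", "vbscript:")

# Constructed samples: a static image and one that runs script when opened.
STATIC_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
              b'<script>function init(){}</script></svg>')

def _local(name):
    # With namespace processing on, expat reports "namespace-uri localname".
    return name.rsplit(" ", 1)[-1]

def scan_svg(data: bytes) -> list:
    """Return the reasons this SVG should not be treated as a static image."""
    findings = []

    def on_start(name, attrs):
        tag = _local(name)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for raw_attr, value in attrs.items():
            attr = _local(raw_attr).lower()
            compact = "".join(value.split()).lower()  # drop embedded whitespace
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr in URL_ATTRS and compact.startswith(BAD_SCHEMES):
                findings.append(f"script URL in {attr} on <{tag}>")

    def on_doctype(*_):
        # Refuse DTDs outright and stop parsing: they enable entity-expansion tricks.
        raise ValueError("DOCTYPE declaration")

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError:
        findings.append("not well-formed XML")
    except ValueError as exc:
        findings.append(str(exc))
    return findings
```

An empty list means nothing active was found; any finding is a reason to reject the upload or to serve it only as a rasterised copy.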
“As always, be wary when someone sends you just an ‘image’ – especially when it is not how he or she would usually behave,” Blaze advises.
If you have been fooled into installing the extension, remove it by going to Menu > More Tools > Extensions. Once done, check your computer for additional malware. If you are unlucky and have ended up with Locky, an up-to-date backup is your best bet for restoring your files.
Facebook malware disguises itself as an image, spreads via message
