Locky virus launched a new distribution campaign on Facebook


Facebook, the most popular social network, is attractive not only to regular Internet users and businesses but also to malware creators. This weekend, malware researchers spotted that the infamous Locky virus had launched a new attack on Facebook. Even though Facebook has strong security and protection filters that block malicious and inappropriate content, the malware managed to get through them as an SVG file. Hackers chose this XML-based vector image format because it allows dynamic content and lets them add malicious JavaScript code.

The malware spreads a malicious SVG file via direct Facebook messages. If the victim clicks on the image, it redirects him or her to a website that looks like YouTube. However, behind the reliable and well-known appearance hides a bogus site with a different URL. This site delivers a fake pop-up message that asks the visitor to install a Chrome extension called “Ubo” or “One”, which is supposedly necessary to play the video. Unfortunately, it is not a necessary video codec but a Nemucod downloader that brings Locky onto the PC. Besides, this extension gives hackers access to the browser and allows them to send the same SVG file to all of the victim’s Facebook friends and continue the ransomware hijack. It might be hard or even impossible to stop the malicious chain reaction; however, we want to warn you to stay safe and not open suspicious pictures or links sent by your Facebook friends. Make sure that a file you receive is safe to open by asking the sender what it is and whether it is safe to open.

A ransomware attack on social media is not unexpected. Malware researchers have been expecting it sooner or later. Since 2014, the biggest social media platform has been threatened by various versions of the Facebook virus. During these years the number of attacks hasn’t decreased; on the contrary, it is still growing. Fortunately, the Facebook virus cannot cause as much damage as the Locky virus. However, Locky managed to step inside Facebook, and that is the biggest concern. It is the first ransomware that has used social media as a distribution technique. Other developers will probably create other ways to spread malware on social media and cause more damage to computer users. Therefore, it’s important to take precautions and be even more careful online.