The malware spreads a malicious SVG file via direct Facebook messages. If the victim clicks on the image, it redirects him or her to a website that looks like YouTube. However, behind the familiar and trusted appearance hides a bogus site with a different URL. This site displays a fake pop-up message that asks the visitor to install a Chrome extension called “Ubo” or “One”, which is supposedly necessary to play the video. Unfortunately, it is not a necessary video codec but a Nemucod downloader that brings Locky onto the PC. In addition, this extension gives hackers access to the browser and allows them to send the same SVG file to all of the victim’s Facebook friends and continue the ransomware hijack. It might be hard or even impossible to stop the malicious chain reaction; however, we want to warn you to stay safe and not open suspicious pictures or links sent by your Facebook friends. Make sure that a file you receive is safe to open by asking the sender what it is and whether it is safe to open.
A ransomware attack on social media is not unexpected. Malware researchers have been expecting it sooner or later. Since 2014, the biggest social media platform has been threatened by various versions of the Facebook virus. During these years the number of attacks has not decreased; on the contrary, it is still growing. Fortunately, the Facebook virus cannot cause as much damage as the Locky virus. However, Locky has managed to step inside Facebook, and that is the biggest concern. It’s the first ransomware that used social media as a distribution technique. Other developers will probably create other ways to spread malware on social media and cause more damage to computer users. Therefore, it’s important to take precautions and be even more careful online.