Facebook Messenger spreads Locky ransomware
2016-11-23 03:14 by Daniela
Tags: Facebook, Locky, ransomware
A new Facebook scam campaign is spreading the Nemucod malware downloader, which can install the Locky ransomware, among users.
Users receive a link in Messenger, sent from hijacked accounts to all of a victim's friends. The link appears to be for a photo saved in the new SVG format, but it is in fact malicious: clicking on it takes unsuspecting users to a fake version of YouTube's website, which asks them to add a Chrome extension to their browser in order to watch a video.
As with other ransomware, once activated, Locky encrypts files on the infected machine and connected local networks, then issues a ransom demand for payment in bitcoin to decrypt them.
The attack methodology was discovered by security researcher Bart Blaze, and has been acknowledged by Facebook.
"We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook, and we are already blocking these ones from our platform," said a spokesperson.
"In our investigation, we determined that these were not, in fact, installing Locky malware - rather, they were associated with Chrome extensions. We have reported the bad browser extensions to the appropriate parties."