Facebook Messenger spreads Locky ransomware

A new Facebook scam campaign spreads among users the Nemucod malware downloader, which can install the Locky ransomware.

Users receive a link in Messenger that is sent from hijacked accounts to all of a victims' friends. The link appears to be for a photo saved in the new SVG format. But it is in fact malicious and clicking on it takes unsuspecting users to a fake version of YouTube's website, which asks them to add a Chrome extension to their browser in order to watch a video.

As with other ransomware, once activated Locky encrypts files on the infected machine and connected local networks before issuing a ransom demand for payment in bitcoin for them to be decrypted.

The attack methodology was discovered by security researcher Bart Blaze, and has been acknowledged by Facebook.

"We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook, and we are already blocking these ones from our platform," said a spokesperson.

"In our investigation, we determined that these were not, in fact, installing Locky malware-rather, they were associated with Chrome extensions. We have reported the bad browser extensions to the appropriate parties."

Read more -here-

• T-Mobile now officially owns UScellular
• Google lost its antitrust case with Epic again
• Dropbox is closing down its password manager next month
• NETGEAR expands WiFi 7 Orbi portfolio with the launch of Orbi 370 series
• Microsoft Edge transforms into an AI browser with new Copilot Mode
• SpaceX's Starlink hit by major outage