New Malware Targeting Social Media Images

There is new malware to look out for that targets Facebook and LinkedIn users through images.

Opening or clicking on certain Facebook or LinkedIn image or zip files can result in a malware agent being installed on your computer, which will then contact a Dropbox site to download the actual malware onto your computer.

Last year, researchers at the AppRiver security firm noticed that criminals were using SVG image files to send Ransomware. These SVG image files were within zip files claiming to be attached resumes in job application letters. Clicking on the unzipped SVG file would send the victim to a webpage that would eventually lead to a Ransomware infection.

Recently it has been discovered that a malware exploit can be installed by directly using the SVG image file attached to a Facebook or LinkedIn message. An SVG file can allow code to be placed within an image, unseen by the person viewing the image. In the case of this exploit, the code is in JavaScript, and viewing the picture will send the victim to a fake YouTube page. There, you will be asked to get an extension for your browser in order to view the image/video.

Currently the SVG exploit is being used to either download Locky Ransomware, use the browser to learn passwords and credit card numbers, or to send the exploit on to other Facebook and LinkedIn contacts. After adding the extension suggested on the fake YouTube site, the browser is automatically redirected back to Facebook/LinkedIn, where it uses the contact list to further spread the malware. Currently the exploit has not yet been fixed; however, a solution is being worked on.

Best Practices:

  • Beware of photos coming through Facebook or LinkedIn messenger from people you rarely hear from.
  • Don’t open any files with zip or SVG extensions unless you know the file comes from a trusted source.
  • If you do get tricked into downloading a file, do not open it, even if it claims to be a legitimate file. (One way you could get tricked is that Windows doesn’t normally display extensions, so the real file name would be ‘photo.jpg.svg’ but the ‘svg’ part would not be visible).
  • In Windows, you can view file extensions by opening File Explorer and clicking on ‘View the file name extensions’, which usually displays the full extension of a file.
  • Ensure you have reliable, secure and up-to-date Internet security software. If you’re not sure how well you’re protected, visit our Security & Compliance page for more information and then Get In Touch.
  • Use different passwords for different accounts and don’t write them down. Try to use a mixture of upper case, lower case, special characters and numbers. 
  • Install the latest operating system update – apply Windows/Mac OS X updates when they become available.
  • Protect your data by using encryption for your most sensitive files, such as financial records or tax returns.
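
For administrators who want to check a suspicious attachment without opening it, the following added example (not from the researchers or vendors mentioned above) flags the two things this article describes: a hidden double extension such as ‘photo.jpg.svg’, and script code placed inside an SVG image. The function names, the extension lists and the sample SVG are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePath

# Assumed lists for this example: what looks like a picture, and what the article says to distrust.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
RISKY_EXTS = {".svg", ".zip"}

# Constructed sample: a harmless SVG carrying the kinds of active content a viewer never sees.
SAMPLE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" onclick="void(0)"/>
  <script type="text/javascript">/* placeholder */</script>
</svg>"""


def local(name):
    """Strip the XML namespace from a tag or attribute name."""
    return name.rsplit("}", 1)[-1].lower()


def check_filename(name):
    """Flag names such as 'photo.jpg.svg' whose real extension Windows may hide."""
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    findings = []
    if suffixes and suffixes[-1] in RISKY_EXTS:
        findings.append(f"risky extension {suffixes[-1]}")
        if len(suffixes) > 1 and suffixes[-2] in IMAGE_EXTS:
            findings.append("double extension disguises file as an image")
    return findings


def check_svg(data):
    """Report active content (script, event handlers, javascript: links) in SVG bytes."""
    if b"<!entity" in data.lower():  # refuse entity declarations rather than expand them
        return ["entity declaration (file not parsed)"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        if local(el.tag) == "script":
            findings.append("<script> element")
        for attr, value in el.attrib.items():
            if local(attr).startswith("on"):
                findings.append(f"event handler {local(attr)}")
            elif local(attr) == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("javascript: link")
    return findings
```

A picture that is only a picture returns an empty list from `check_svg`; any finding means the file contains code and should not be opened in a browser.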

If you believe your computer has been infected, immediately disconnect your computer from the network by removing the network cable from the back of your computer and making sure your computer is disconnected from the Wi-Fi. Do not transfer any files off your computer.

Once you have disconnected your computer from the network, reboot it in Safe Mode and run anti-virus and anti-malware scans to detect any malicious files on your computer.

For more information or support, Contact Our Team who will be able to help.