Hackers temporarily found a way to bypass Facebook filtering systems to deliver malicious Chrome extensions to users, security researchers have found. These then opened up the way for even worse malware downloaders that can deliver a range of Trojans and other programs to your desktop.
The image leads to a fake YouTube item, which demands you add a codec to view the video on Chrome. Security researcher Bart Blaze, who discovered the ransomware, found that the extension to execute this, "One," gives itself permission to "read and change all your data on the websites you visit." He wrote that he was, "not exactly sure what this extension is supposed to do beside spreading itself automatically via Facebook, but likely it downloads other malware to your machine." In his case, this included the popular Nemucod malware downloader.
Another security researcher, Peter Kruse, reported that one possible payload was the Locky ransomware. Facebook told Threatpost, though, that, "We determined that these were not in fact installing Locky malware."
Confirmed! #Locky spreading on #Facebook through #Nemucod camouflaged as .svg file. Bypasses FB file whitelist. https://t.co/WYRE6BlXIF pic.twitter.com/jgKs29zcaG — peterkruse (@peterkruse) November 20, 2016