Once again, the very popular Facebook Messenger is being used as a vector to spread an attack. The security vendor Check Point has issued a warning to users of the application, and also to users of LinkedIn, which hackers are exploiting as well.
The method is classic: send an .svg image that refers to a video requiring the download of a booby-trapped pseudo-extension. The vendor states that infection can also occur simply by downloading the image. Once downloaded, it activates ransomware (the well-known Locky) on the infected computer.
It is not yet known how many people have been affected by this attack, but Check Point specifies that Locky was involved in 5% of the attacks observed across the globe in the month of October. Facebook has been aware of the threat since September but, evidently, the attack was still ongoing.
“As people spend more time on social networking sites, hackers are looking for a way to get in on these platforms. Cybercriminals understand that these sites are usually whitelisted, and for this reason, they are continually in search of new techniques to exploit social networks for malicious purposes,” says Oded Vanunu, a researcher at Check Point.
In October, it was the Eko virus that was encountered on Messenger. Again the approach is classic: you receive, via instant messaging, a video allegedly sent by a contact. To be more convincing, the video (xic.graphics) shows up with your profile picture and is named “your first name Video” in order to entice you to click.
By clicking on the link, the user is redirected to a fake YouTube page, where they are asked to download an extension to play the file (again, a classic approach). It is at this point that the Eko virus enters your computer, allowing remote access to your data, including for phishing campaigns, or to spread once again through Facebook by hijacking the account.