Have you come across a Facebook message containing an image file in the .SVG file format? If not, you are lucky; if you have received one, avoid clicking it.
If clicked, the file would eventually infect your PC with the nasty Locky Ransomware, a family of malware. In a short period of time, Locky has become one of the favorite ransomware tools of spammers. It usually spreads via spam emails with a disguised downloader.
This attack was first discovered by malware researcher Bart Blaze. Surprisingly, the malware manages to bypass Facebook’s file extension filter.
But Why the SVG File Format?
Once installed, the extension gives the attackers the ability to alter your data on the websites you visit, and it takes advantage of the browser’s access to your Facebook account to secretly message all your Facebook friends with the same SVG image file.
The worst thing here is that, according to a malware researcher, the SVG file redirects to a malicious website that downloads a copy of Locky ransomware onto the victim’s PC.
In case you don’t know what ransomware is, it is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files, unless a good amount of money is paid to the attacker.
Locky is one of the most popular ransomware families; it locks all files on a victim’s computer with RSA-2048 and AES-1024 encryption algorithms and does not unlock them until the ransom is paid to the attackers.
Remove the malicious extension immediately
If you are one of those who have already installed one of the two malicious extensions, you can remove it as follows.
To remove the extension, go to Menu → More Tools → Extensions, look for the extension, and remove it.