Sending links to unsuspecting users is one of the easiest ways through which hackers get on our devices. The latest concerns Facebook Messenger users. UK Tabloid The Telegraph reports that a malware that is installed through a link send to hijacked accounts is capable of stealing your sensitive info like usernames, password and ultimately financial details.
The link comes in the form of a photo in SVG format and when clicked upon, the users is re-directed to a fake YouTube website clone which then asks you to install some kind of Chrome extension in order to watch a video. The unsuspecting victim at this point follows the instructions and once this is done, attackers now have access to tour web history thereby changing your information without your permission and stealing data you have on such websites.
A potential victim is asked to click on a .svg photo format in Messenger (credit: The Telegraph)A potential victim is re-directed to a YouTube clone site (Credit: The Telegraph)
“Invisible on the Chrome toolbar, the malicious browser add-on can steal and change information related to every website a victim visits, including login details and passwords. Cyber criminals could use it to retrieve a victim’s online banking login details and harvest financial information, for example.”
The scam was discovered by Bart Parys, a computer security researcher who explained further that the new technique could also be used by attackers to install a ransomware on the victim’s computer which in turn encrypts files on your device like music, documents and photos. Because they know that you don’t want to lose those precious files, you are then asked to pay between 0.1 and 1 bitcoin (£59 to £592 0r $74.80/34,000 Naira to $748/344,000 Naira) in order to have your files back.
The good news out of this is that it looks like Google and Facebook have now taken note of this and have acted, Parys said “It seems that the Chrome extensions have been removed, and the SVG filetype is now being filtered for in Facebook,”
Facebook released a statement in which they said the following;
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook,” the company said. “We are already blocking these ones from our platform, and we have reported the bad browser extensions to the appropriate parties.”
While this may be so, threats evolve daily and it only take a simply and honest click on a link to wreak havoc. Install and antivirus and beware of links that may look suspicious. In other cases, alert companies like Facebook and Google so they can deal with such scams before they spread to other users.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
