Sending links to unsuspecting users is one of the easiest ways through which hackers get on our devices. The latest concerns Facebook Messenger users. UK Tabloid The Telegraph reports that a malware that is installed through a link send to hijacked accounts is capable of stealing your sensitive info like usernames, password and ultimately financial details.
The link comes in the form of a photo in SVG format and when clicked upon, the users is re-directed to a fake YouTube website clone which then asks you to install some kind of Chrome extension in order to watch a video. The unsuspecting victim at this point follows the instructions and once this is done, attackers now have access to tour web history thereby changing your information without your permission and stealing data you have on such websites.
“Invisible on the Chrome toolbar, the malicious browser add-on can steal and change information related to every website a victim visits, including login details and passwords. Cyber criminals could use it to retrieve a victim’s online banking login details and harvest financial information, for example.”
The scam was discovered by Bart Parys, a computer security researcher who explained further that the new technique could also be used by attackers to install a ransomware on the victim’s computer which in turn encrypts files on your device like music, documents and photos. Because they know that you don’t want to lose those precious files, you are then asked to pay between 0.1 and 1 bitcoin (£59 to £592 0r $74.80/34,000 Naira to $748/344,000 Naira) in order to have your files back.
The good news out of this is that it looks like Google and Facebook have now taken note of this and have acted, Parys said “It seems that the Chrome extensions have been removed, and the SVG filetype is now being filtered for in Facebook,”
Facebook released a statement in which they said the following;
“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook,” the company said. “We are already blocking these ones from our platform, and we have reported the bad browser extensions to the appropriate parties.”
While this may be so, threats evolve daily and it only take a simply and honest click on a link to wreak havoc. Install and antivirus and beware of links that may look suspicious. In other cases, alert companies like Facebook and Google so they can deal with such scams before they spread to other users.