Necumod – Malware Spread Through Facebook Messenger

The Necumod malware was spreading via Facebook's Messenger system on November 20, 2016. A Scalable Vector Graphics (SVG) image file was being sent to users as a private message. Users who viewed this image were then redirected to a fake YouTube site.

This fake YouTube site then prompted people to install an extension in order to view the content properly. The extension obtained those individuals' Facebook login credentials. It also spread the infected SVG image further via Facebook Messenger.

The SVG image format allows scripting code, for example JavaScript, to be placed inside the file. When the image is opened in a browser, that code runs just like any other script. Reportedly, the browser extension was only installed for users of the Google Chrome web browser.

The Necumod malware may have performed other nefarious activities on your computer. The rogue Google Chrome extensions have been removed from Google's store. Also, Facebook is now filtering Scalable Vector Graphics images.
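The following Python check is an added example, not code from the original article and not Facebook's actual filter. It flags SVG files that carry script of the kind described above; the element and attribute lists, the function names and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that can run or embed active content inside an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
SCRIPT_SCHEMES = ("javascript:", "data:text/html")

# Constructed samples for illustration (not taken from the campaign).
BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPTED = (
    '<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
    "<script>init()</script>"
    '<a xmlns:x="http://www.w3.org/1999/xlink" x:href="java\tscript:init()"/>'
    "</svg>"
)


def local(name):
    """Strip an XML namespace prefix: '{ns}tag' -> 'tag'."""
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_text):
    """Return (element, reason) findings; an empty list means nothing was flagged."""
    if "<!ENTITY" in svg_text:  # refuse entity tricks before the parser sees them
        return [("<document>", "DTD entity declaration")]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return [("<document>", "not well-formed XML")]  # reject, do not guess
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append((tag, "active element"))
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            # Browsers ignore whitespace inside a URL scheme, so strip it first.
            url = "".join(value.split()).lower()
            if name.startswith("on"):
                findings.append((tag, "event handler " + name))
            elif name in URL_ATTRS and url.startswith(SCRIPT_SCHEMES):
                findings.append((tag, "script URL in " + name))
    return findings


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("scripted", SCRIPTED)):
        print(label, find_active_content(sample))
```

A file with any finding should be treated as active content rather than as an image, for example by rejecting the upload or serving it only as a download.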

A spokesperson for Facebook was quoted as saying:

“We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook, and we are already blocking these ones from our platform. In our investigation, we determined that these were not in fact installing Locky malware; rather, they were associated with Chrome extensions. We have reported the bad browser extensions to the appropriate parties.”

If you think that you were infected, you may want to run an anti-malware scan and a virus scan, remove any suspicious extensions from Google Chrome, and change your Facebook password. Bart Blaze, a researcher, was credited with discovering this malware. No word on how many individuals were infected by Necumod.