Bad news: You can now get malware through private messages on Facebook. Worse news: This isn't just theoretical; it's really happening. Worst news: The malware payloads include a particularly nasty strain of ransomware called Locky, for which there is no free decryption program.
If someone attempts to send you a certain kind of image file, called an SVG file, via Facebook Messenger, you should ignore it — unless it's from a friend, in which case you should tell them that they've been hacked.
Attempting to open the image would instead direct a user to a YouTube copycat site, which would then prompt the user to install a malicious Chrome extension in order to watch the video. Peter Kruse, an eCrime specialist for the Danish CSIS Security Group A/S, did some digging, and found that the extension paved the way for a malicious downloader called Necumod. Necumod, in turn, could download the Locky ransomware.
Locky, like other ransomware programs, locks up your computer and encrypts your files, then holds them ransom for a Bitcoin payment. At present, security researchers have yet to crack Locky's encryption, meaning users who fall victim to it have little recourse but to fall back on an earlier backup of their hard drives, provided they have one.
Even if you've gone as far as installing the extension, all hope is not lost: You can still uninstall it before Necumod infects your system. After that, it's up to your antivirus program, which can hopefully detect and deny Necumod and Locky before they install themselves.
If you missed every red flag and now have Locky on your system, there isn't much you can do aside from wiping your hard drive and being more judicious about strange Facebook images next time.
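For anyone who wants to check a received SVG before opening it, here is an added example (not from the original article) of a small Python check that flags SVG files which are more than passive images. The article does not say how the malicious SVG triggered the redirect, so the checks are assumptions covering the general ways an SVG can carry active content; the function names and sample strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can run code or embed foreign (HTML) content inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# URI schemes that execute or inline content when used as a link target.
RISKY_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


def local(name):
    """Strip the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1]


def svg_findings(svg_text):
    """Return the reasons this SVG is not a passive image (empty list if none)."""
    # Refuse DTDs and entities outright: a static image does not need them,
    # and rejecting them keeps entity-expansion tricks away from the parser.
    if re.search(r"<!(DOCTYPE|ENTITY)", svg_text, re.I):
        return ["declares a DOCTYPE/ENTITY"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            if name.startswith("on"):  # onload, onclick, ...
                findings.append(f"event handler {name} on <{tag}>")
            compact = re.sub(r"\s+", "", value).lower()
            if name in ("href", "src") and compact.startswith(RISKY_SCHEMES):
                findings.append(f"{name} with active URI on <{tag}>")
    return findings


# Constructed samples (not taken from the campaign described in the article).
SVG_NS = 'xmlns="http://www.w3.org/2000/svg"'
BENIGN = f'<svg {SVG_NS} width="10" height="10"><circle cx="5" cy="5" r="4"/></svg>'
SCRIPTED = (f'<svg {SVG_NS} xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
            '<script>/* placeholder */</script>'
            '<a xlink:href="javascript:void(0)"><rect width="1" height="1"/></a></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("scripted", SCRIPTED)):
        print(label, svg_findings(sample) or "no active content found")
```

An empty result only means none of these specific markers were found; it is not a verdict that the file is safe.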