Facebook Messenger Spreads Feared Ransomware
If someone attempts to send you an SVG image file via Facebook Messenger, you should ignore it, or you may download dangerous ransomware.
Bad news: You can now get malware through private messages on Facebook. Worse news: This isn't just theoretical; it's really happening. Worst news: The malware payloads include a particularly nasty strain of ransomware called Locky, for which there is no free decryption program.
If someone attempts to send you a certain kind of image file, called an SVG file, via Facebook Messenger, you should ignore it — unless it's from a friend, in which case you should tell them that they've been hacked.
Bart Blaze, a security researcher who handles Threat Intelligence for multinational financial services company PricewaterhouseCoopers, documented the danger on his security blog. A friend of his received a strange image file in Facebook Messenger. When Blaze analyzed it, he found that the SVG file — a scalable vector graphics file, a type of image file common in website construction — was not an image at all, but rather a JavaScript attack.
Attempting to open the image would instead direct a user to a YouTube copycat site, which would then prompt the user to install a malicious Chrome extension in order to watch the video. Peter Kruse, an eCrime specialist for the Danish CSIS Security Group A/S, did some digging, and found that the extension paved the way for a malicious downloader called Necumod. Necumod, in turn, could download the Locky ransomware.
Locky, like other ransomware programs, locks up your computer and encrypts your files, then holds them ransom for a Bitcoin payment. At present, security researchers have yet to crack Locky's encryption, meaning users who fall victim to it have little recourse but to fall back on an earlier backup of their hard drives, provided they have one.
The most obvious way to avoid the faulty image file is, of course, to simply not click on it. While Facebook Messenger can indeed display some image files without user permissions, it cannot automatically execute JavaScript programs, rendering the faulty SVG inert without user input. The second most obvious way is to deny the Chrome Extension installation.
Even if you've gone that far, all hope is not lost: You can still uninstall the extension before Necumod infects your system. After that, it's up to your antivirus program, which can hopefully detect and deny Necumod and Locky before they install themselves.
If you missed every red flag and now have Locky on your system, there isn't much you can do aside from wipe your hard drive and be more judicious about strange Facebook images next time.
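The SVG in this attack carried JavaScript rather than image data. As an added example (not from the original article or from Blaze's analysis), this Python check lists the script-capable parts of an SVG file so it can be rejected before anyone opens it; the element list, the URL patterns and the two sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can run or embed active content inside an SVG (assumed list).
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_bytes):
    """Return a list of reasons an SVG should not be treated as a plain image."""
    # Conservative: refuse DTDs before parsing, since they allow entity tricks.
    # Some legitimate exports carry a DOCTYPE and will be flagged too.
    if re.search(rb"<!(DOCTYPE|ENTITY)", svg_bytes, re.I):
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and re.match(
                    r"\s*(javascript:|data:text/html)", value, re.I):
                findings.append(f"script-capable URL in {name} on <{tag}>")
    return findings


# Constructed samples: a plain drawing and a file with inert placeholder script.
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
          b'<circle cx="5" cy="5" r="4"/></svg>')
SCRIPTED = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
            b'<script>/* placeholder */</script></svg>')

if __name__ == "__main__":
    for label, data in (("benign", BENIGN), ("scripted", SCRIPTED)):
        print(label, find_active_content(data) or "no active content found")
```

An empty result only means none of these patterns matched; it is not proof that a file is safe.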

Marshall Honorof was a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.
Kristen_9: Yeah it is true, but need not worry if you have a security software installed in your system.
