What is an .SVG file?
Scalable Vector Graphics (SVG) is an XML-based vector image format for two-dimensional graphics with support for interactivity and animation. The SVG specification is an open standard developed by the World Wide Web Consortium (W3C) since 1999.
How does the malware spread:
By clicking on the image sent, it redirects the user into a website posing as YouTube. After redirecting to that particular website the page will then ask the user to download a certain codec extension in Google Chrome in order to view the video, and this is where malware is injected.
Installing the purported extension will give it the capability to alter user’s data regarding websites they visit. This was discovered by Bart Blaze, a security researcher where he explains that the extension will also spread the malware further on Facebook, compromising the victim’s account.
It is not clear on how the SVG files bypassed Facebook’s file extension filter, which only accepts a set number of extensions. However Facebook’s security team has been reportedly notified about this and now the malicious Chrome extension has also been removed.
Latest posts by Unallocated Author (see all)
- The Digital Revolution: Ways to Drive Business Growth in the Private Education Sector - March 9, 2020
- Top Cybersecurity Trends In 2020 - February 20, 2020
- Microsoft Rolled Out Huge Patch Tuesday February With 99 Bug Fixes - February 14, 2020