The next time a long-forgotten Facebook friend sends you an odd picture, it’s probably best to leave it alone.
Cyber-criminals have found a creative way to weasel into your computer: implanting malicious code inside a Facebook Messenger picture.
For the most part, the Facebook messaging app is tightly controlled, and doesn’t give hackers a lot of opportunity to mess with users. The app does allow users to embed a photo into a conversation, however, and that’s how the trick works. Discovered by security researcher Bart Parys, who wrote about it on Sunday after a friend spotted it on Facebook, it relies on the fact that Facebook lets users embed images as .svg files, a lesser-used file extension. It’s possible to fill an .svg file with script, as happened with the attack Parys noticed.
Clicking that photo will direct a user’s browser to open up to what appears to be a YouTube video in Google Chrome. It’s not, though: It’s actually a hoax site that tells a user they must install a Chrome extension to view it. For the full article click here
from hacker samurai http://ift.tt/2g7JMSN
via IFTTT
No comments:
Post a Comment