Malicious SVG images sent over Facebook Messenger are being used to deliver Locky ransomware.
An SVG file can contain a
The attack in this case takes the user to a fake YouTube website that asks the user to “install a codec.” The “codec” is the ransomware loader.
This raises a lot of questions in my mind, and I don’t have many answers. Today’s browsers have protections against cross-site scripting, because it’s so common a problem. Messaging applications, such as Messenger, WhatsApp, and Signal, may have similar issues but less well-developed protections.
If I got an “image” in a messenger application and it took my browser to a website, I’d consider that serious misbehavior and abort whatever I was doing. Of course, a lot of people will just download whatever they’re asked to download.
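SVG is an XML format, and the XML can carry script elements, event-handler attributes and script-scheme links alongside the drawing. A service that relays "images" can check for that before delivering the file. The sketch below is an added example, not code from the original post or from any messaging product; the function name, the finding labels and the sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can run script or embed foreign documents inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

# Constructed samples; the script body is an inert placeholder.
SAMPLE_CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SAMPLE_SCRIPT = (b'<svg xmlns="http://www.w3.org/2000/svg">'
                 b'<script>/* placeholder */</script><rect width="1" height="1"/></svg>')
SAMPLE_HANDLER = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
                  b'<a xmlns:xlink="http://www.w3.org/1999/xlink" '
                  b'xlink:href="javascript:void 0"><rect/></a></svg>')


def _local(name):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_bytes):
    """Return sorted reasons this SVG is more than a passive image."""
    # Refuse DTDs outright: images do not need them and they enable entity tricks.
    if re.search(rb"<!\s*(DOCTYPE|ENTITY)", svg_bytes, re.IGNORECASE):
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["unparseable"]
    findings = set()
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.add(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):  # onload, onclick, ...
                findings.add(f"handler:{name}")
            compact = re.sub(r"\s+", "", value).lower()
            if name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                findings.add(f"script-url:{name}")
    return sorted(findings)


if __name__ == "__main__":
    for label, data in [("clean", SAMPLE_CLEAN), ("script", SAMPLE_SCRIPT),
                        ("handler", SAMPLE_HANDLER)]:
        print(label, find_active_content(data))
```

This is a deny-list, so an empty result means "nothing found", not proof that the file is safe to render.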