The downturn in Locky ransomware infections toward the tail end of the summer was due in large part to successful efforts to halt the spread of the Nemucod downloader. Nemucod was one of the main vehicles delivering the malware to infected computers, usually via .zip email attachments hiding a .wsf extension.
On Sunday, researcher Bart Blaze said that a new campaign has popped up on Facebook Messenger where users are receiving images that are SVG files that contain embedded JavaScript. The script redirects users to a phony YouTube page that instructs them to install an extension to view the content.
Full Article