<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p><strong><img src="https://cdn2.hubspot.net/hubfs/2548414/Blog%20images/nemucod.jpg" alt="nemucod.jpg" width="454" height="255"></strong></p> <p><strong>Nemucod</strong> is a downloader Trojan that targets users through malware spam campaigns. It downloads additional malware onto a victim’s computer, then executes it without the user’s consent. It usually spreads through malicious spam emails carrying attachments with a .zip extension.</p> <p>Most recently, however, it was seen spreading through Facebook messages as <a href="https://bartblaze.blogspot.com/2016/11/nemucod-downloader-spreading-via.html">an SVG image</a>. SVG files are typically used for vector graphics, but criminals were able to embed malicious code in the image. Upon clicking the image, the victim would be redirected to another website and prompted to download a browser extension. Installing the extension would allow the malware to access the victim's Facebook account and message their friends with the same SVG image, propagating the malware further. There were also <a href="http://www.csoonline.com/article/3143173/security/malicious-images-on-facebook-lead-to-locky-ransomware.html">reports of infection</a> leading to the download of <strong>Locky</strong> ransomware onto the victim’s computer.</p> <p>ThreatSTOP customers are protected from <strong>Nemucod</strong> if they have <strong>TSCrit</strong> targets enabled in their policies.</p></span>
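<p>An added example, not from the original post or from ThreatSTOP: a Python check that lists the script-capable constructs in an SVG file, the property of the format that the campaign described above relied on. The function name <code>svg_active_content</code> and both sample documents are constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET


def _local(name):
    """Strip an '{namespace}' prefix and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()


def svg_active_content(svg_text):
    """Return findings for constructs that let an SVG run or launch script."""
    # Refuse DTDs outright: entity expansion is a parser DoS risk and a
    # shared image has no need for one.
    if "<!DOCTYPE" in svg_text or "<!ENTITY" in svg_text:
        return ["DOCTYPE/ENTITY declaration (refused to parse)"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ("script", "foreignobject"):
            findings.append(f"{tag} element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            # Browsers strip tabs and newlines from URLs, so remove
            # whitespace before matching the scheme.
            target = "".join(value.split()).lower()
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and target.startswith("javascript:"):
                findings.append(f"javascript: link on <{tag}>")
    return findings


# Constructed samples; the script body is an inert comment.
BENIGN_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              '<circle cx="5" cy="5" r="4"/></svg>')
SUSPECT_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script type="text/javascript"><![CDATA[ /* inert placeholder */ ]]></script>
  <a xlink:href="java&#9;script:void(0)"><rect width="10" height="10"/></a>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, svg_active_content(doc))
```

<p>A mail or upload gateway can apply a check like this to any attachment served as <code>image/svg+xml</code> and quarantine files with findings; for untrusted input at volume, a hardened XML parser is the safer choice than the standard-library one used here.</p>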