The “ich.zip” from the chat – malware hidden between pictures

The sending of Trojans via Facebook chat is now well known, but it continues to bear new fruit. The malware is now also hidden between pictures.

In these cases, which were recently reported to us, an approximately 6MB file is available for download via a chat message via a Dropbox link. 6MB in size - you might not suspect a virus, but an actual image archive.

 

PLEASE! PLEASE! PLEASE!

Yes OK. If you ask so kindly, we will download the file. We could actually end the report at this point, because we basically always advise against loading a .zip file from strangers. Of course that also applies here! But that would be boring now, because the makers of the malware have at least tried to hide their little guy in a somewhat clever way.

So there is a shared Dropbox link

So if you load this file and open it (please don't do that!), you will see a file archive. This is initially harmless and – as one would assume given its size – is filled with a few files.

 

POPO – It's not just Minions who laugh about it

There are three directories in the .zip archive that promise corresponding content: POPO, face and breasts. Briefly on this topic: yes, there is a facial picture and three completely irrelevant POPO pictures to see. It's not worth downloading for that.

The download is not intended for that, because the true intention of the archive lies in the “Breasts” folder: This is where the executable .exe file is located!

Our warning therefore continues:

- Do not open or download .zip files from strangers
- Treat .zip files with skepticism, even from people you know
- Do not start executable .exe files
- Chatting with strangers is often associated with fraudulent intent

It doesn't always have to be just a file behind a chat with a stranger, it can also be the start of a fraudulent romance scam.

Author: Andre, mimikama.org