Published: Thu, December 01, 2016
Technology | By Tonya May

Malware attacking Facebook, LinkedIn users via malicious images


The suspicious images represent a new "ImageGate" attack vector for the Locky ransomware, according to a Thanksgiving Day blog post by security company Check Point.

Researchers from Check Point say they have discovered a new attack method, which has been named ImageGate. "The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file", the Check Point researchers said.

For consumers concerned about an ImageGate attack, Check Point recommended not opening any files downloaded to a device after clicking any image.

First, the hackers use hidden techniques to embed malicious code into an image, which makes it the platform for spreading the virus. Released earlier this year, Locky has been blamed for numerous attacks, including one in which a California hospital had to pay a ransom of about $17,000 in bitcoin to unlock its files.

Check Point researchers reveal a new vector for spread of the Locky ransomware.

If the worst happens, and you do end up with all your files encrypted by an attacker, it seems there are, in many cases, few alternatives to wiping your computer and starting again, or paying the ransom.


The security firm's recommendations to consumers are: "If you have clicked on an image and your browser starts downloading a file, do not open it".

The only way to avoid the actual Locky code, which has been around for nearly a year, is to be aware of it and to not open the file.

Social media platforms are becoming increasingly popular among hackers and thieves as that's where they can find targets.

Check Point reported that the malware takes advantage of flaws in how images on Facebook and LinkedIn are processed to infect your computer. The result would be having your files encrypted. "There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook..." said a Facebook spokesperson in a statement emailed to SC Media.

Instead, Facebook puts the blame on malicious extensions of Google's Chrome browser, which it says have now been reported.

But there are indications that the .svg file didn't always try to get people to run a dodgy extension. As most social websites show picture previews without needing to download them, the file could be malware. Because so many people are on social media, it would be an ideal place for their new operation.
