A ransomware disguised as a file image (.jpg) στο Facebook, στο LinkedIn, and other Social Networks.
Checkpoint researchers recently discovered how cybercriminals can embed malware in graphics and image files, and how they can execute the malicious code within these images to infect social network users with variants of the dangerous Locky ransomware.
“Aggressors exploit a error settings in the social media infrastructure to force their victims to download the image file. This results in the user's device being infected after clicking on the file,” the researchers report.
Checkpoint called the ImageGate carrier attack, and offered that information had been collected on Facebook and LinkedIn since early September.
However, as the ransomware attacks seem to be continuing, something that means that social networks have not repaired the security gap that allows them.
As long as they are looking for a solution, the CheckPoint research team advises you not to open a picture from another user and not download them to your computer.
"Every social networking site should display the image without having to download it," say the researchers, so you do not need to open the image file.
Η CheckPoint also advises users not to open any image files with unusual extensions (eg SVG, JS or HTA).
The good news is that this attack has not been automated. That is, it requires users to download and run the malicious files themselves. The bad news is that there is always someone who opens the files that come to him, especially if it is a "harmless" image.
Watch the demonstration of the attack (PoC) video:
https://www.youtube.com/watch?v=sGlrLFo43pY