A ransomware disguised as a file pictureς (.jpg) στο Facebook, on LinkedIn, and other social networks.
Checkpoint researchers recently discovered that cybercriminals can incorporate malware into graphics and image files, and how they can run malicious code within these images to infect social network users with variants of the dangerous Locky ransomware.
“Attackers are exploiting a configuration error in the social media infrastructure to force their victims to download the image file. This results in contamination of the users device after one click on file,” the researchers report.
Checkpoint named her attack operator ImageGate, and offered to collect information on Facebook and LinkedIn since early September.
However, as the ransomware attacks seem to be continuing, something that means that social networks have not repaired the security gap that allows them.
As long as they are looking for a solution, the CheckPoint research team advises you not to open a picture from another user and not download them to your computer.
"Every social networking site should display the image without having to download it," say the researchers, so you do not need to open the image file.
Η CheckPoint also advises users not to open any image files with unusual extensions (eg SVG, JS or HTA).
The good news is that this attack has not been automated. That is, it requires users to download and run the malicious files themselves. The bad news is that there is always someone who opens the files that come to him, especially if it is a "harmless" image.
Watch the demonstration of the attack (PoC) video:
https://www.youtube.com/watch?v=sGlrLFo43pY