A new virus, specifically a ransomware, might be targeting your computer through shared pictures on social media websites like Facebook and LinkedIn. A new attack vector called ImageGate is the culprit, according to researchers. A few researchers from CheckPoint say that a new type of ransomware has been doing the rounds, and is known as Locky. Malware like these does not necessarily attack your PC through browsers and operating systems only. Interestingly Locky understands the flaws in the treatment of images by Facebook and LinkedIn and uses it to their advantage by making users download malicious codes through the pictures which eventually hijacks computer exactly when you open them. The ransomware encrypts your files and attackers don’t give the back to the user until a certain amount is paid.
Locky programs, in general, are not highly risky, which ironically makes it even more dangerous as security apps generally do not think about viruses in social media websites, and the people too are not really paranoid about attacks on those platforms. CheckPoint said that they had informed both LinkedIn and Facebook but it is difficult to gauge what actions have been taken. Roman Ziakin and Dikla Barda, Check Point Research team wrote, “The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file,”
However, this is a big reminder that we should not take Facebook-like sites for granted. It is always easier to prevent threats than react to them when the damage has already been done. After all, there is no guarantee that you will get back the data even if you pay the ‘ransom’. “If you have clicked on an image and your browser starts downloading a file, do not open it,” CheckPoint team said. They also asked users of Facebook and LinkedIn to not open files with weird extensions like JS, HVG, HTA etc as they are full of malware.