How malicious social media images are spreading ransomware

Facebook and LinkedIn are being used to spread malware including the Locky ransomware, according to a security provider.

Cyber criminals have found a way of crafting malicious image files that incorporate malware, according to researchers at security provider Check Point Software Technologies. And because these files appear to be images, they are accepted by many services.

The crims also found that misconfigured software at Facebook, LinkedIn and other major websites and social networks could be exploited to cause these files to be downloaded rather than merely displayed in visitors' browsers.

If the user then opens the downloaded file, the malware springs into action. Locky, for example, encrypts files on the system until the user pays a ransom.

Check Point has made a video to show how the process, dubbed ImageGate, works.

The company alerted Facebook and LinkedIn in September, and will not fully disclose details to the public until all the major sites affected have fixed the problem.

The malware campaign is still active, so Check Point says there are two measures you should take:

  1. If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file.
  2. Don't open any image file with an unusual extension (such as SVG, JS or HTA).
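
The two measures above can be turned into a check run on a downloaded file before anyone opens it. The following is an added example, not code from Check Point or from this article; the function names are hypothetical, the sample files are constructed with harmless placeholder bytes, and the only extension list used is the one the article gives (SVG, JS, HTA).

```python
import os
import tempfile

# Extensions the article tells users not to open when they arrive as "images".
RISKY_EXTENSIONS = {".svg", ".js", ".hta"}

# Well-known leading bytes of common raster image formats.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def triage_download(path):
    """Return a list of reasons the file should not be opened (empty if none)."""
    reasons = []
    name = os.path.basename(path).lower()
    root, ext = os.path.splitext(name)
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"extension {ext} is on the do-not-open list")
    # "photo.jpg.hta" style names: an image extension hidden before the real one.
    inner_ext = os.path.splitext(root)[1]
    if inner_ext in IMAGE_MAGIC and ext not in IMAGE_MAGIC:
        reasons.append(f"image-looking name hides real extension {ext}")
    if ext in IMAGE_MAGIC:
        with open(path, "rb") as fh:
            head = fh.read(8)
        if not any(head.startswith(sig) for sig in IMAGE_MAGIC[ext]):
            reasons.append(f"content does not start with a {ext} signature")
    return reasons

def build_samples(directory):
    """Write constructed sample files (harmless placeholder bytes) for the demo."""
    samples = {
        "holiday.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,   # genuine PNG header
        "holiday.jpg.hta": b"<html>placeholder</html>",        # double extension
        "profile.svg": b"<svg xmlns='http://www.w3.org/2000/svg'/>",
        "banner.jpg": b"<html>placeholder</html>",             # wrong content
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    return sorted(samples)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name in build_samples(tmp):
            print(name, triage_download(os.path.join(tmp, name)) or "no findings")
```

An empty result only means none of these three checks fired; it does not mean the file is safe to open.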

Source: Copyright © BIT (Business IT). All rights reserved.
