Hackers have found a new way to execute malicious code through Facebook and LinkedIn.
Check Point researchers have discovered a “new attack vector, named ImageGate,” that embeds malware in image and graphic files.
Malicious code is embedded into an image file and is then uploaded to a social media website. The hackers then exploit a misconfiguration on the social media site that forces their victims to download the image file. Once the image is downloaded, the files on the user’s personal device will automatically be encrypted. The only way to gain access is to pay a ransom.
“In the past week, the entire security industry is closely following the massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign. Check Point researchers strongly believe the new ImageGate technique reveals how this campaign was made possible, a question which has been unanswered until now,” security firm Check Point said in a blog post.
“The industry estimation is that the campaign is still raging and accumulates new victims every day. As more people spend time on social networking sites, hackers have turned their focus to find a way in to these platforms. Cyber criminals understand these sites are usually ‘white listed’, and for this reason, they are continually searching for new techniques to use social media as hosts for their malicious activities.”
Check Point recommends doing the following to stay safe:
- If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file.
- Don’t open any image file with an unusual extension (such as SVG, JS or HTA).
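
The two recommendations above can be turned into an automated check on files a browser has saved from a social media site. The following is an added example, not code from Check Point or from this article: the function name `triage_download` and the sample files are constructed for illustration, and the file-signature comparison is an assumption that goes one step beyond the advisory's extension list.

```python
import os

# Extensions the advisory names as unusual for a picture.
RISKY_EXTENSIONS = {".svg", ".js", ".hta"}

# Leading bytes of common raster formats (well-known file signatures).
RASTER_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def triage_download(filename, head):
    """Return reasons not to open a file that was served as a picture.

    filename: the name the browser saved; head: the first bytes of the file.
    An empty list means no check objected.
    """
    reasons = []
    # Only the last extension counts, so "photo.jpg.hta" is treated as .hta.
    ext = os.path.splitext(filename.lower())[1]
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"extension {ext} is on the advisory's list")
    elif ext in RASTER_SIGNATURES:
        # Assumption beyond the advisory: the content must match the extension.
        if not head.startswith(RASTER_SIGNATURES[ext]):
            reasons.append(f"content does not start with a {ext} signature")
    else:
        reasons.append(f"extension {ext or '(none)'} is not a known raster image type")
    return reasons


# Constructed sample inputs: (saved file name, first bytes of the file).
SAMPLES = [
    ("holiday.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("photo_4821.svg", b"<svg xmlns='http://www.w3.org/2000/svg'>"),
    ("photo_4821.jpg.hta", b"<html><hta:application/>"),
    ("selfie.jpg", b"<html><script>"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        found = triage_download(name, head)
        print(name, "->", "; ".join(found) if found else "no objection")
```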