If you receive an image file sent by someone, even your friend, on your Facebook Messenger, LinkedIn or any other social media platform, just DO NOT CLICK ON IT.
Even JPG image file could eventually infect your computer with the infamous Locky Ransomware.
Earlier this week, we reported a new attack campaign that used Facebook Messenger to spread Locky Ransomware via .SVG image files, although Facebook denied this was the case.
Now, researchers have discovered that the ongoing spam campaign is also using boobytrapped .JPG image files in order to download and infect users with the Locky Ransomware via Facebook, LinkedIn, and other social networking platforms.
Security researchers from Israeli security firm Check Point have reportedly discovered how cyber criminals are hiding malware in image files, and how they are executing the malware code within these images to infect social media users with Locky variants.
According to researchers, malware authors have discovered security vulnerabilities in the Facebook and LinkedIn that forcibly download a maliciously coded image file on a user’s computer, though in some cases, the user has to click on the image file to download.
When the user detect the automatic download and access that malformed image file, malicious code installs the Locky ransomware onto the user’s computer, which encrypts all files on the infected computer until a ransom is paid.
Flaws in Facebook and LinkedIn Remain Unpatched
The security firm has declined to provide technical details as the vulnerability the malware relies on still impacts both Facebook and LinkedIn, among other unnamed web services.
“The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website,” Check Point researchers say.
“The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.”
CheckPoint says the firm reported the issue to both Facebook and LinkedIn back in September, but the vulnerabilities remain unpatched in both the platform, which is now actively being exploited by attackers.
Video Demonstration of the Attack
You can also watch the video demonstration of this attack, which CheckPoint dubbed ImageGate, which shows the attack in action.
Locky is Spreading Massively via Social Media Platform
Locky ransomware has been around since early this year and has become the biggest and most common ransomware family known today. It works by encrypting victims’ files with RSA-2048 and AES-1024 algorithms and demands a ransom for the key.
Locky ransomware mainly spreads via phishing emails containing a malicious attachment disguised as a Word or Zip file. But since people spend time on social network sites, cyber crooks have turned their focus to finding a way into these platforms.
Check Point says that in the past week, they have noticed a “massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign.”
To keep yourself safe, you are advised not to open any unsolicited file that has automatically downloaded onto your computer, especially image files with unusual extensions like SVG, JS, or HTA.
The bottom line: Don’t be curious to look at image sent by someone, at least for the time being.