Social networking sites like Facebook, Twitter, or even “professional” ones like LinkedIn have become so ingrained in our modern lifestyles that we sometimes take for granted that they aren’t really as secure as real-world, physical social circles. That is a fact that cybercriminals seem to be trying to exploit, taking advantage of users’ propensity to just click on images and files downloaded from social hubs. Unsurprisingly, those images might contain malware or be malware in disguise, ready to hold users’ data for ransom.
Banish your preconceived notion of viruses, trojans, and malware taking the form of shady programs only. According to security outfit Check Point, even what looks like innocent images and photos can be crafted to actually be malware. That is definitely the case in what the software lab has dubbed “ImageGate”, because everything has to have a “-gate”.
The process of attacking an unsuspecting victim is really genius in its simplicity. The attacker simply uploads to Facebook or LinkedIn, or sends via private message, a file that poses as an image. Once the user is conned into downloading and opening the file, the actual payload of the file, which is ransomware, begins its dirty work. By then it is already too late for the user to do anything.
Check Point discovered this kind of attack while investigating a wave of rampant infections by the Locky ransomware. Like any ransomware, it takes hold of the user’s files, encrypts them, and demands that users pony up a certain amount to decrypt the files. What’s different in this case is that the attackers aren’t making users click random links to websites but are instead getting them to click on and download what they think are images posted on legit social networking sites.
At the moment, there are no fixes for Locky-infected systems. Check Point can only advise caution when browsing the likes of Facebook. It reminds users that real, legit photos are actually viewable on the social networking sites without requiring users to download them first. And in case they inadvertently download such a file, they should not attempt to open it, especially if it has an unfamiliar filename extension.
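The "unfamiliar filename extension" advice can be turned into a check that runs before anything is opened. The sketch below is an added example, not code from Check Point: the list of expected photo formats, the function names and the sample files are all assumptions made for illustration. It inspects only a file's name and first bytes and never opens or executes the file.

```python
import os

# Assumption: the formats a user expects when saving a photo from a social site.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def triage(filename, head):
    """Classify a downloaded 'image' from its name and its first bytes.

    Returns 'ok', 'unfamiliar-extension' or 'content-mismatch'.
    """
    # Only the final extension counts: "photo.jpg.xyz" is an .xyz file.
    ext = os.path.splitext(filename.lower())[1]
    signatures = IMAGE_MAGIC.get(ext)
    if signatures is None:
        return "unfamiliar-extension"
    if not any(head.startswith(sig) for sig in signatures):
        return "content-mismatch"  # image name, but not image content
    return "ok"

def scan_directory(path):
    """Return {filename: verdict} for each regular file in path (reads 16 bytes each)."""
    results = {}
    for entry in os.scandir(path):
        if entry.is_file(follow_symlinks=False):
            with open(entry.path, "rb") as fh:
                results[entry.name] = triage(entry.name, fh.read(16))
    return results

# Constructed sample downloads (names and bytes are made up for illustration).
SAMPLES = {
    "holiday.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "holiday.jpg.xyz": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "party.jpg": b"<html><script>",
    "cat.gif": b"GIF89a\x01\x00\x01\x00",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name:18} {triage(name, head)}")
```

Anything not reported as `ok` should be left unopened, in line with the advice above.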
SOURCE: Check Point