Locky ransomware reportedly spreading on Facebook Messenger via JPG file


Very recently, it was reported that malware was spreading on Facebook by exploiting an image file to install itself. Today, a security firm disclosed a similar trick that again uses images, this time to install the Locky ransomware.


Dubbed ‘ImageGate’ by Check Point Software Technologies, the technique reportedly embeds malicious code in an image file, which is then uploaded directly to Facebook. “The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file,” researchers Roman Ziakin and Dikla Barda wrote. “This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.”

In their demonstration of how the attack works, the researchers sent an innocent-looking JPG file through Facebook Messenger. Clicking the attachment opens a Windows save prompt, and what gets downloaded is a .hta file.

Double-clicking the downloaded file reportedly unleashes a copy of the Locky ransomware, which then encrypts numerous files on the victim’s computer. At that point, to free the computer from the infection, the victim has to pay the ransom, the amount of which varies.
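As an added defender-side example, not code from the article or from Check Point: a small Python check that flags a download whose name claims to be an image but whose final extension is runnable (an .hta, as in the chain described above) or whose leading bytes are not a JPEG/PNG/GIF header. The directory, file names and sample contents are constructed for illustration.

```python
# Defender-side check for image-named downloads that are not images.
# Assumption: the directory, file names and contents below are constructed.
from pathlib import Path
import tempfile

# Leading bytes a file with the given image extension must start with.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}
# Extensions the Windows shell runs on double-click; .hta (HTML Application)
# is the dropper type the article describes.
RUNNABLE = {".hta", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".exe", ".scr", ".cmd", ".bat"}

def classify(name: str, head: bytes) -> str:
    """Return 'ok' or the reason the file should be quarantined for review.
    `head` is the first bytes of the file; `name` is its on-disk name."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if not suffixes:
        return "no extension"
    final = suffixes[-1]
    if final in RUNNABLE:
        # "photo.jpg.hta" reads as an image when Explorer hides extensions.
        if len(suffixes) > 1 and suffixes[-2] in IMAGE_MAGIC:
            return f"image name hides runnable extension {final}"
        return f"runnable file type {final}"
    magic = IMAGE_MAGIC.get(final)
    if magic is not None and not head.startswith(magic):
        return f"{final} file does not start with an image header"
    return "ok"

def scan_downloads(directory: Path) -> dict:
    """Classify every regular file in `directory`; returns {name: verdict}."""
    results = {}
    for p in sorted(directory.iterdir()):
        if p.is_file():
            results[p.name] = classify(p.name, p.read_bytes()[:16])
    return results

if __name__ == "__main__":
    # Constructed samples: real JPEG header; HTA with image name; HTML named .jpg
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 12)
        (root / "holiday.jpg.hta").write_bytes(b"<html><script>x</script></html>")
        (root / "cat.jpg").write_bytes(b"<html><script>x</script></html>")
        for name, verdict in scan_downloads(root).items():
            print(f"{name:16} {verdict}")
```

A header check like this is a cheap triage signal, not a substitute for blocking .hta execution via policy or an endpoint control.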

It is no longer surprising that perpetrators target sites like Facebook, given the large number of users they can take advantage of. “Cyber criminals understand these sites are usually ‘white listed’, and for this reason, they are continually searching for new techniques to use social media as hosts for their malicious activities,” according to the researchers.

We have reached out to Facebook, and will update this article once we hear more.

With this in mind, it always pays to be wary of what you click on the internet, even if it appears to come from someone you trust. Warning others about possible malware attacks also helps everyone stay safe and protected online.

Source: Check Point via The Register