Israeli security firm Check Point discovered a malware program that exploits vulnerabilities on social media platforms like Facebook. Apparently, the security flaw in Facebook leads to a maliciously coded image file that downloads itself to the computer. Once it is accessed the Locky ransomware will be installed to the device. In a statement to Engadget, Facebook said that the said ransomware is not on their social media site.
Though Facebook did not immediately respond to the report, a spokesperson for the tech giant has aired the company's side. According to Engadget, Facebook said that Check Point's analysis is "incorrect". The problem that the firm discovered is not a "case of ransomware". They claim that the culprit is actually the "bad Chrome extensions". The spokesperson added that Facebook "have been blocking [them] for nearly a week". This has already been reported to the "appropriate parties". The security firm had notified both Facebook and LinkedIn about this issue back in September.
Checkpoint reported that hackers are now using the social media platforms to attack your computer. This is usually done through one's browser or operating system. Apparently, a new attack vector called ImageGate that causes malware images and graphic files have been their means to exploit unsuspecting users.
According to Engadget, once you open these images, it immediately "hijack your system". The result would be having your files being encrypted. The user will have no option but to pay up. Those who use Facebook are advised to be cautious of files that were automatically downloaded. Files with an extension such as SVG, JS or HTA should be avoided.
Though Check Point has released preventive measures like the ones mentioned above, it is yet to reveal further details about the said attack vector. The firm mentioned that it will do that after "the remediation of the vulnerability in the major affected websites". This precaution is to ensure that hackers would be able to take advantage of the information.
Ars Technica reports that the ransomware variant Locky has existed since early 2016. Criminals make use of it to demand payment from affected users for the key of their encrypted files. Victims would have to spend around $365. Their previous exploits were done through Word documents and spam e-mails. It now seems that these criminals are constantly looking for ways to do their activities. The fact that many people are on social media, it would be a perfect place for their new operation.