A new threat involving Locky ransomware has been discovered, this time infecting users via social media images, particularly in campaigns on Facebook and LinkedIn.
Locky ransomware, which was first discovered earlier this year, is using flaws in the way Facebook and LinkedIn handle images to infect your PC. The attack works by embedding malicious code into an image. In addition, there was a report saying attackers are also using Facebook Messenger to send users malware disguised as an SVG image file.
Opening the image will get all of your files encrypted, and the only way to get your files back is to pay the ransom for the decryption key.
As more people spend time on social networking sites, hackers have turned their focus to find a way in to these platforms. Cyber criminals understand these sites are usually ‘white listed,’ and for this reason, they are continually searching for new techniques to use social media as hosts for their malicious activities.
– Check Point
At the time of writing this article, both Facebook and LinkedIn still haven’t fixed the vulnerability, although the issue was reported to them back in September.
Although this threat is easily avoided by not opening the file, as a precaution you are advised to be wary of any files sent to you or automatically downloaded to your computer, especially those from Facebook and LinkedIn among others.
Update: Facebook has commented on these reports, saying the analysis was wrong. According to Facebook, the issue has no relation to Locky ransomware but is instead a case of “bad Chrome extensions”, which it has since blocked.
“This analysis is incorrect. There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook. We investigated these reports and discovered there were several bad Chrome extensions, which we have been blocking for nearly a week. We also reported the bad browser extensions to the appropriate parties.” – Facebook