According to a group of researchers from the security company Check Point Software Technologies, there is a new ransomware threat, christened ImageGate, that specifically attacks users of social networks such as Facebook and LinkedIn using a simple image.

According to the company, the attack exploits a widespread flaw in current social networks that allows an attacker to upload images with embedded malicious code. After the user clicks on the malicious image to view it (it appears to be a .JPG image), the victim is prompted to choose a disk location in which to store the image. However, the file is saved locally with the extension “.hta” and not “.JPG”. If the user then tries to open the image, the Locky ransomware goes into action and immediately begins encrypting personal files.

The Check Point Software Technologies researchers say: “The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.”

Check Point Software Technologies added that it reported the issue to both social media companies, Facebook and LinkedIn, back in September, but the vulnerabilities remain unpatched on both platforms and are now being actively exploited by attackers. Once the personal data has been encrypted, the user is informed of the attack and asked to pay for the recovery of the files.
For Check Point security researchers Roman Ziakin and Dikla Barda, this is a vulnerability that must be resolved quickly. Hence, we strongly advise you not to open any file that gets automatically downloaded onto your computer, especially image files with unusual extensions such as “SVG, JS, or HTA”, because attackers are keen to spread this type of malicious file via social networks.
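As an added illustration of that advice (not code from Check Point or from the original article), the following sketch triages a downloaded file by comparing its extension with its leading bytes and flags the cases described above: a script-capable extension (SVG, JS, HTA) or an "image" that was saved under a non-image extension. The function names, the list of image extensions and the sample files are assumptions constructed for this example.

```python
import os

# Extensions the article warns about: they can run script when opened on Windows.
RISKY_EXTENSIONS = {".hta", ".js", ".svg"}
# Assumed set of extensions treated as ordinary raster images.
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
# Leading bytes (magic numbers) of common image formats.
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}


def sniff_image(head: bytes):
    """Return the image type the leading bytes claim, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def triage_download(filename: str, head: bytes) -> list:
    """Return the reasons a downloaded file should not be opened (empty if none)."""
    reasons = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]  # catches names like photo.jpg.hta
    kind = sniff_image(head)
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"script-capable extension {ext}")
    if inner_ext in IMAGE_EXTENSIONS and ext not in IMAGE_EXTENSIONS:
        reasons.append(f"image name hides real extension {ext}")
    if kind and ext not in IMAGE_EXTENSIONS:
        reasons.append(f"{kind} header but saved as {ext or 'no extension'}")
    if ext in IMAGE_EXTENSIONS and kind is None:
        reasons.append(f"{ext} extension but no image header")
    return reasons


# Constructed samples: (filename, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday.hta", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday.jpg.hta", b"<html><script>"),
    ("badge.svg", b"<svg xmlns="),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", triage_download(name, head) or "ok")
```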