As users become more vigilant in protecting themselves and their devices against malware, hackers are becoming more creative in how they spread their infected files.
According to a report by security firm Check Point, the latest development in malware propagation is the use of image files distributed through social networks such as Facebook and LinkedIn.
Check Point Unveils ImageGate
Researchers from Check Point say they have discovered a new attack method, which has been named ImageGate.
Attackers were reported to have developed a new way of embedding malicious code into image files, sometimes with unusual extensions of SVG, HTA or JS but also at times in JPG or PNG form, which they then upload to social media websites. The attackers then exploit misconfigurations in the infrastructure of the social networks to force users to download the infected image files. The malware infects the machine once the user clicks on the downloaded file.
Check Point researchers believe that a variant of the Locky ransomware is being propagated through ImageGate, with users who are tricked into opening the infected image files suddenly finding their files encrypted. As with all forms of ransomware, victims will only be able to regain access to their files upon paying the amount that the hackers demand.
Locky was the same ransomware that held the medical data of a hospital in Kentucky hostage back in March. In July, a website that looks to help ransomware victims recover their data was launched, but it is not an all-encompassing solution.
How To Protect Yourself Against ImageGate And The Locky Ransomware
To avoid being victimized by Locky, whether it is propagated through ImageGate or by any other method, the only thing that users need to remember is to never open a suspicious file. As long as the infected file is not opened, even if it was downloaded, the ransomware will not be able to spread to the user's device, and the file can be safely deleted.
However, the alarming thing for Check Point is that ImageGate is using social networks as a delivery mechanism. Security apps and users place a huge amount of trust in the security of these websites, which could lead to the opening of infected files as they come from Facebook or LinkedIn.
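As an added example (not from Check Point's report or the original article), the Python sketch below turns "never open a suspicious file" into a check on a downloaded file: it flags the HTA and JS extensions named above, SVG files that carry script markup, and JPG or PNG files whose content does not begin with the format's signature. The function name `triage`, the SVG pattern and the sample inputs are assumptions constructed for illustration.

```python
import re
from pathlib import PurePath

# File signatures (leading bytes) of genuine JPEG and PNG images.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n"}
# Extensions from the report that run as code instead of being rendered as a picture.
SCRIPT_EXTS = {".hta", ".js"}
# Assumed heuristic for active content in SVG: <script>, on* handlers, javascript: URLs.
ACTIVE_SVG = re.compile(rb"<script|\son\w+\s*=|javascript:", re.IGNORECASE)


def triage(name: str, data: bytes) -> list[str]:
    """Return reasons not to open a downloaded 'image'; an empty list means no finding."""
    ext = PurePath(name).suffix.lower()
    reasons = []
    if ext in SCRIPT_EXTS:
        reasons.append(f"{ext} is executable content, not an image")
    elif ext == ".svg" and ACTIVE_SVG.search(data):
        reasons.append("SVG contains script or event-handler markup")
    elif ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append(f"content lacks the {ext} file signature")
    return reasons


# Constructed sample downloads (file name -> first bytes); none is real malware.
SAMPLES = {
    "holiday.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "logo.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>',
    "photo.svg": b'<svg xmlns="http://www.w3.org/2000/svg">'
                 b"<script>/* placeholder */</script></svg>",
    "invoice.JPG": b"<html><body>not an image</body></html>",
    "update.hta": b"placeholder",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        findings = triage(name, data)
        print(f"{name}: {'; '.join(findings) if findings else 'no finding'}")
```

An empty result only means none of these three checks fired; it does not show that a file is safe to open.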
ImageGate Not For Ransomware?
A spokesperson for Facebook, however, said that the analysis of Check Point is incorrect, as the problem of forced downloads to users of the social network is actually related to several Chrome extensions that were not working correctly. The extensions have since been reported by Facebook to the appropriate parties, with the spokesperson adding that the issue has no connection to ransomware such as Locky.
Nevertheless, it is better to remain vigilant against malware, as one wrong move could compromise the security of your device and all the important files stored within it.