Monday, 28 November 2016

Beware! Ransomware Spreading Via JPG Files on Facebook, LinkedIn

Hackers target internet users with the intention of getting money from them by any means. Usually, malware is installed on computers through browser or OS security vulnerabilities, and users fall victim to ransomware. These attacks can be avoided with the right antivirus program and if people are more careful and don’t click on dubious links and banners. However, people tend to forget that sometimes the social networks themselves can be the source of the problem, because they also have vulnerabilities that hackers can exploit.


The malware was first reported by Check Point, an Israeli security firm. According to the report, the attack takes advantage of vulnerabilities in the way Facebook, LinkedIn and other social networks handle images, forcing the system to download a maliciously coded image file. Locky ransomware kicks into action when users access the file.

Opening the file allows the ransomware called “Locky” to infect the machine, which basically holds the computer hostage. To get the key and use their computers again, users will need to pay about $365 in bitcoin. At least, this is what the people responsible for the malware are demanding.

Ars Technica reports that the malware has been quite prominent during the past year, with many computers becoming infected through Word documents and the usual spammy email messages. This development involving social media images, however, is an entirely new trend that sets a dangerous precedent for other malicious individuals.

Once users download the maliciously coded image file and open it, their system is hijacked and their files are encrypted. To unlock them, victims must pay up (the key costs £294, $365). Back in February, security researcher Lawrence Abrams warned that “When Locky encrypts a file it will rename the file to the format [unique_id][identifier].locky”, “So when test.jpg is encrypted it would be renamed to something like F67091F1D24A922B1A7FC27E19A9D9BC.locky. The unique ID and other information will also be embedded into the end of the encrypted file.”
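The rename format quoted above gives defenders a simple file-system indicator to look for. The following is an added example, not part of the original post: it flags file names made of 32 hexadecimal characters followed by `.locky` and groups the hits by directory. Splitting the name into a 16-character unique ID and a 16-character identifier is an assumption, and all sample paths except the file name quoted by Abrams are constructed.

```python
import os
import re
from collections import defaultdict

# 32 hex characters + ".locky", as in the example name quoted above.
# Assumption: the first 16 characters are the unique ID, the last 16 the identifier.
LOCKY_NAME = re.compile(r"^([0-9A-Fa-f]{16})([0-9A-Fa-f]{16})\.locky$")

def parse_locky_name(path):
    """Return (unique_id, identifier) if the file name fits the pattern, else None."""
    m = LOCKY_NAME.match(os.path.basename(path))
    return (m.group(1).upper(), m.group(2).upper()) if m else None

def find_renamed(paths):
    """Group matching paths by directory and collect the unique IDs seen."""
    by_dir, ids = defaultdict(list), set()
    for p in paths:
        parsed = parse_locky_name(p)
        if parsed:
            by_dir[os.path.dirname(p)].append(p)
            ids.add(parsed[0])
    return dict(by_dir), ids

def scan_tree(root):
    """Apply the same check to every file under a real directory tree."""
    paths = (os.path.join(d, f) for d, _, files in os.walk(root) for f in files)
    return find_renamed(paths)

# Constructed sample listing; only the first file name comes from the quote above.
SAMPLE = [
    "/home/alice/Documents/F67091F1D24A922B1A7FC27E19A9D9BC.locky",
    "/home/alice/Documents/F67091F1D24A922B0000000000000001.locky",
    "/home/alice/Pictures/f67091f1d24a922bAAAAAAAAAAAAAAAA.locky",
    "/home/alice/Documents/F67091F1D24A922B1A7FC27E19A9D9B.locky",  # 31 hex chars
    "/home/alice/notes.locky",   # wrong shape, not flagged
    "/home/alice/Documents/test.jpg",
]

if __name__ == "__main__":
    hits, ids = find_renamed(SAMPLE)
    for directory, files in sorted(hits.items()):
        print(f"{directory}: {len(files)} renamed file(s)")
    print("unique IDs seen:", sorted(ids))
```

Several hits in one directory sharing the same unique ID are a stronger signal than a single stray file with a `.locky` extension.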

The only way to avoid the actual Locky code, which has been around for almost a year, is to be aware of it and to not open the file. But people who use social networks usually trust them and don’t realize that they are opening their doors to hackers who exploit flaws in these websites. The Israeli security firm contacted both Facebook and LinkedIn in September, but it is not clear whether the developers have the situation under control.

Check the demonstration below:



