Researchers have identified a new ransomware dubbed “ImageGate”, which embeds malware in image and graphic files. Researchers claim that the attackers’ method of executing the malicious code within images was through the social media platforms Facebook and LinkedIn.
“The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file,” explained Roman Ziakin and Dikla Barda of the Check Point Research team.
Check Point recommends that if you click on an image and your browser starts downloading a file, you do not open it.
According to researchers, the attackers are targeting social media sites because they are ‘white listed’ on browsers and can easily be used to attack users. They add that attackers are “continually searching for new techniques to use social media as hosts for their malicious activities.”
The researchers also recommend that users not open any image file with an unusual extension such as SVG, JS, or HTA, which may be infected with malware. Check Point claims that it informed Facebook and LinkedIn of the attack vector in September.
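The extension advice above can be applied as a triage step on files a browser has downloaded. The following is an added example, not code from Check Point or from the original article; the function name `triage`, the constructed sample files, and the extra checks beyond the article's extension list (file-signature mismatch, double extension, script markup inside an SVG) are assumptions of this example.

```python
import re
from pathlib import Path

# Extensions the article names as unusual for an "image" download.
FLAGGED_EXTENSIONS = {".svg", ".js", ".hta"}

# Leading bytes of common raster formats (general knowledge, not from the article).
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

# Heuristic only: script element, inline event handler, or javascript: URL.
SCRIPT_IN_SVG = re.compile(rb"<script\b|\son[a-z]+\s*=|javascript:", re.IGNORECASE)


def triage(name, data):
    """Return the reasons a downloaded file deserves a second look ([] = none found)."""
    reasons = []
    suffixes = [s.lower() for s in Path(name).suffixes]
    ext = suffixes[-1] if suffixes else ""
    if ext in FLAGGED_EXTENSIONS:
        reasons.append(f"extension {ext} is on the article's do-not-open list")
    # Double extension such as photo.jpg.hta: image-looking name, different real type.
    if len(suffixes) > 1 and suffixes[-2] in IMAGE_MAGIC and ext not in IMAGE_MAGIC:
        reasons.append(f"image-looking name hides real extension {ext}")
    # A raster extension whose content does not start with that format's signature.
    if ext in IMAGE_MAGIC and not data.startswith(IMAGE_MAGIC[ext]):
        reasons.append(f"content does not start with a {ext} signature")
    if ext == ".svg" and SCRIPT_IN_SVG.search(data):
        reasons.append("SVG contains script or event-handler markup")
    return reasons


# Constructed sample downloads (names and bytes are made up for illustration).
SAMPLES = {
    "holiday.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    "holiday.jpg": b"this is not JPEG data",
    "logo.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>',
    "card.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* placeholder */</script></svg>',
    "photo.jpg.hta": b"<html></html>",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", triage(name, data) or "no findings")
```

An empty result means only that none of these checks fired; it does not show the file is safe to open.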