ImageGate – Emerging Threat to Facebook: Plagued images involve Locky

Beware of Facebook pictures. ImageGate could infect you.

ImageGate is a new threat that is spreading on social networks like Facebook and LinkedIn. It involves criminals trying to persuade you to click on photos.

But these photos are contaminated with malicious software. We will show you how to protect yourself.

As soon as you click on the picture, it opens as it would usually. But there is a new capability to embed malicious code into the image file. A mis-configuration of the social media infrastructure means that the victims are forced into downloaded the image file unknowingly. This results in the victim’s device being infected as soon as the downloaded file is clicked. The infamous Locky Ransomware hides behind it. It encrypts personal data and then requests a ransom.

Facebook pictures contaminated with Locky

So this is just the latest variant of the ransomware Locky. Facebook pictures are infected. But all images on social networks could be contaminated. The idea of the crooks behind it, is that pictures spread over social networks extremely fast. If they are infected with Locky, then the blackmailer is spread very fast indeed. And of course this is handy for the hackers, because they want only one thing: your money. By the way, a security study has found that every 81 seconds malicious software is downloaded from the Internet. However, this is known malware, which is fished out by antivirus programs. Within 60 seconds, 274 unknown threats are discovered. In fact, there are many more in the form of viruses, malware and spam. And this has consequences for you as a user. Especially if the social networks are now unsafe.

ImageGate – a campaign of criminals

This new phenomenon to ship contaminated images via social networks, has been identified by researchers at CheckPoint and they have named it “ImageGate”. The criminals use a mistake in the social media system to make their victims consciously click on images. Once the downloaded file is clicked, the computer is infected and Locky starts to encrypt the data. After payment of a ransom, the encrypted data is released again. But only in best case scenario … because it can also be that the crooks will continue to extort money from you.

Protection from the effects of ImageGate and Locky

How to stay protected:

CheckPoint recommends the following preventive measures:

  1. If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file.
  2. Don’t open any image file with unusual extension (such as SVG, JS or HTA).

Automatically create a backup of your most important data on an external hard disk or a USB stick. Also separate your external devices from the infected computer.