Is ransomware targeting Facebook Messenger users?

CheckPoint says it's found ransomware, but Facebook disagrees

A phishing campaign could be distributing ransomware through Facebook Messenger and LinkedIn, according to security firm Check Point, but Facebook has denied this is the case.

Affected users receive a jpeg image file through Facebook Messenger, which appear as a file preview, not an attachment. If they click on the image, they are asked to select a directory in which to download the file. The scam, dubbed ImageGate, embeds the malware into the file, the research firm said.

CheckPoint claimed that double clicking on the saved file releases Locky ransomware, which encrypts files on users' devices, and only grants access after they pay a ransom, though Facebook said the files only lead to bad Chrome extensions. 

In a post about these attacks, Check Point researchers Roman Ziakin and Dikla Barda wrote: "In the past week, the entire security industry is closely following the massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The post adds: "As more people spend time on social networking sites, hackers have turned their focus to find a way into these platforms. Cyber criminals understand these sites are usually 'white listed', and for this reason, they are continually searching for new techniques to use social media as hosts for their malicious activities."

With Locky, there is no way of decrypting files without paying the ransom. Its creators also recently switched to a different encryption extension (.zzzzz), that prompts a different downloader and is harder for an antivirus to detect.

However, IT Pro understands the impact of ImageGate on Messenger users is very limited, and Facebook said it is already blocking the extensions it says these files lead to.

A Facebook spokesperson said: "We maintain a number of automated systems to help stop harmful links and files from appearing on Facebook, and we are already blocking these ones from our platform. In our investigation, we determined that these were not in fact installing Locky malware - rather, they were associated with Chrome extensions. We have reported the bad browser extensions to the appropriate parties."

Picture credit: Facebook

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/policy-legislation/32857/irish-data-protection-commission-facebook-whatsapp-instagram-merge
Policy & legislation

Irish Data Protection Commission has questions for Facebook

29 Jan 2019
Visit/security/internet-security/354484/facebook-exec-calls-cambridge-analytica-scandal-a-non-event
internet security

Facebook exec calls Cambridge Analytica scandal a "non event"

8 Jan 2020

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020