Scams on Facebook and similar platforms are nothing new, and campaigns like the one that took advantage of the "Brangelina" drama to steal our data are the order of the day. Even so, several vulnerabilities detected by Israeli security firm Check Point have forced us to take up the matter again.
Specifically, this is a problem that affects both the Facebook social network and the professional networking community LinkedIn, and cybercriminals are exploiting it to try to infect us with Locky ransomware through an image. Neither of them has fixed the bug yet.
What the vulnerabilities are
The security company points out that cybercriminals exploit these vulnerabilities to automatically download an infected image file to the victim's computer. In some cases the user has to click on it; on Facebook it appears on the right, just above the contacts tab in the web version. When the victim tries to open the image, the Locky malware is installed.
In particular, it is a file-encrypting virus that hijacks computers. Its goal is to encrypt the victim's files and then demand a ransom. It achieves this by creating a BAT file and another file with VBScript code to download the main threat. Malware, by the way, is spreading like a scourge across.
Check Point, however, did not want to give more technical details, as neither company has yet fixed these vulnerabilities. The company also says it already warned them in September. In any case, it warns users of the danger of opening what resembles an image file but has an unusual extension such as SVG, JS or HTA. These file types can download content from an online server and run it, and they are camouflaged so that the user does not notice them.
Curiously, the group behind the Locky ransomware has already used them to install it in the past, although it did so through email rather than social networks. Finally, it seems that this campaign is related to another one discovered by the security company Bart Blaze on Monday which, instead of Locky, infects with Nemucod.
For the moment, to protect ourselves, we can take a series of concrete measures: if you have already clicked on an image and your browser has started downloading it, do not open it. In general, avoid opening any file with an unusual extension. Also pay attention to the information that Windows gives you about each extension, and enable the display of common extensions.
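The checks recommended above can be automated for a downloads folder. The following Python script is an added example, not code from Check Point or from the original article; the list of image extensions, the SVG content heuristic and the sample file names are assumptions made for illustration.

```python
import re
from pathlib import Path, PurePath

# Extensions the article names as dangerous when a download poses as an image.
RISKY_EXTS = {".svg", ".js", ".hta"}
# Decoy image extensions for double-extension names (list chosen for this example).
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
# Active content a static picture never needs inside an SVG (heuristic).
SVG_ACTIVE = re.compile(rb"<\s*script\b|\bon\w+\s*=|javascript:", re.I)


def explorer_label(name: str) -> str:
    """Approximate what Explorer shows while known extensions are hidden."""
    return PurePath(name).stem


def triage(name: str, head: bytes = b"") -> list:
    """Return the reasons a downloaded file deserves caution (empty if none)."""
    suffixes = [s.lower() for s in PurePath(name.strip()).suffixes]
    if not suffixes:
        return []
    last, reasons = suffixes[-1], []
    if last in RISKY_EXTS:
        reasons.append(f"unusual extension {last}")
    if len(suffixes) > 1 and suffixes[-2] in IMAGE_EXTS and last not in IMAGE_EXTS:
        reasons.append(f"shown as '{explorer_label(name)}' when extensions are hidden")
    if last == ".svg" and SVG_ACTIVE.search(head):
        reasons.append("SVG carries script or event-handler content")
    return reasons


def scan(folder: str) -> dict:
    """Triage every file in a folder, reading only the first 64 KiB of each."""
    report = {}
    for path in Path(folder).iterdir():
        if path.is_file():
            with path.open("rb") as fh:
                found = triage(path.name, fh.read(65536))
            if found:
                report[path.name] = found
    return report


# Constructed sample downloads: (file name, first bytes of content).
SAMPLES = [
    ("beach.jpg", b"\xff\xd8\xff\xe0"),
    ("logo.svg", b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'),
    ("photo_8372.svg", b'<svg xmlns="http://www.w3.org/2000/svg"><script>/*x*/</script></svg>'),
    ("img_2231.jpg.hta", b""),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name}: {triage(name, head) or 'no findings'}")
```

Call `scan()` with the path of a real downloads folder to get a per-file report; a file with no findings is not thereby proven safe, since the script only checks the name and the first bytes.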