FaceBook Hacking Via ImageGate Uncovered: Mechanism Of Action, Tips For Prevention & More

It is a known fact that hackers are always on the watch for some way or other to compromise user data for their advantage. A recent discovery from Check Point researchers states that there is a new attack vector named ImageGate out in the web. Hackers execute their malware code by embedding it inside an image and graphic files shared on social media platforms like Facebook and LinkedIn.

Image File Malware

The research suggests that, the hackers have found new ways to embed malware code into image files that have unusual extensions of SVG, HTA or JS and rarely JPG and PNG. They spread the malicious code via social media websites and force users to download the image file through deliberate attempts and pop-ups.When the user clicks the image to check what was their download, the image automatically infects the device thereby compromising the security of data in the user's machine.

A LockyRansomware Variant

Check Point researchers uncovered that the vector that is being propagated via ImageGate is a type of Lockyransomware. This malware tricks the users in opening it, only to find their files getting suddenly encrypted. As seen in the previous ransomware attacks, users will be able to get access to their encrypted files only upon paying the ransom that the hackers demand.

Lockyransomeware is none other than the one that held a Kentucky's hospital data as a hostage in March 2016. Early in September, Check Point notified the social media sites Facebook and LinkedIn on the attack vectors. Talks around the industry,suggest that the campaign is still on and it is accumulating new victims every day.

Facebook's Response

As a majority of people spend time on social networking sites, it is indeed the best place hackers pull-out their tricks, however, secured and white-listed these sites may be.

A Facebook spokesperson expressed that the Check Point's analysis is inappropriate. The problem of forced downloads faced by social media users is actually a result of several ill-functioning Chrome extensions. Facebook has reported about these extensions to the concerned parties. He also affirmed that there is no link between the issue in hand and a ransomware like Locky.

How To Stay Protected

It is always better to be safe than sorry. Hence users can take note of the following tips to stay protected from the attacks of unwanted malware.

• Do not open unknown downloads at any instance. Be it an image or a text or any file.
• Don't open any image file with unusual extension (such as SVG, JS or HTA).
• Delete the image file that gets forcibly downloaded into your device, carefully without opening.

Hence, it is better that users always have an eye on their downloads to keep such discrepancies at bay.