Locky ransomware uses decoy image files to ambush Facebook, LinkedIn accounts
Low-tech malware snares users via flaws in social networks' code to spread automatically.
A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn.
According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user's computer. Users who notice the download, and who then access the file, cause malicious code to install "Locky" ransomware onto their computers.
Locky has been around since early this year, and works by encrypting victims' files and demands a payment of around half a bitcoin (currently £294; $365) for the key. Previously, it had relied on a malicious macro in Word documents and spam e-mails, but Check Point says that in the past week there has been a "massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign."
Check Point won't go into detail on how the exploit works until the vulnerability is patched by LinkedIn and Facebook. However, its researchers have claimed:
The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.As more people spend time on social networking sites, hackers have turned their focus to find a way in to these platforms. Cyber criminals understand these sites are usually 'white listed,' and for this reason, they are continually searching for new techniques to use social media as hosts for their malicious activities.
http://arstechnica.com/security/2016/11/locky-ransomware-decoy-image-files-boobytrap-facebook-linkedin/
Aucun commentaire:
Enregistrer un commentaire
Merci de modérer vos propos quelque soit le sujet. Pour rappel, tout propos diffamatoire, violent, raciste, homophobe ou de manière général déplacé sera supprimé, son auteur banni du blog et eventuellement poursuivi.
Ce blog est personnel et n est en rien lié aux activités professionnelles ( Mobiquant)
Remarque : Seul un membre de ce blog est autorisé à enregistrer un commentaire.