A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn.
According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user’s computer. Users who notice the download, and who then access the file, cause malicious code to install “Locky” ransomware onto their computers.
Locky has been around since early this year, and works by encrypting victims’ files and demands a payment of around half a bitcoin (currently £294; $365) for the key. Previously, it had relied on a malicious macro in Word documents and spam e-mails, but Check Point says that in the past week there has been a “massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign.”