Malware uses Facebook and LinkedIn images to hijack your PC (updated)
You're forced to download code that holds your computer for ransom.
Malware doesn't always have to attack your computer through browser- or OS-based exploits. Sometimes, it's the social networks themselves that can be the problem. Researchers at Check Point have discovered that a variant of known ransomware, Locky, is taking advantage of flaws in the way Facebook and LinkedIn (among others) handle images in its bid to infect your PC. The trick forces your browser to download a maliciously coded image file that hijacks your system the moment you open it. If you do, your files are encrypted until you pay up.
While the actual Locky code is relatively pedestrian and easy to avoid if you're aware (just don't open the file), it's the delivery mechanism that has analysts worried. Many security apps explicitly trust big social networks, and many people aren't used to worrying about their downloads at sites like Facebook.
Check Point says it told Facebook and LinkedIn about the exploit in September, but it's not clear that there are fixes in place. We've reached out to both companies to find out what the situation is right now. Whether or not you're in the clear, this is a reminder that you can't take the safety of social sites for granted -- it's a good idea to be wary of any downloads you weren't expecting.
Update: A Facebook spokesperson tells us that these reports had it wrong -- this isn't a case of ransomware. These were really "bad Chrome extensions" propagating a scam by sending messages to others, and they were blocked several days ago. You can read the full explanation below.
"This analysis is incorrect. There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook. We investigated these reports and discovered there were several bad Chrome extensions, which we have been blocking for nearly a week. We also reported the bad browser extensions to the appropriate parties."
[Thanks, Kristy]