Latest in Gear

Image credit: Reuters/Rick Wilking

Malware uses Facebook and LinkedIn images to hijack your PC (updated)

You're forced to download code that holds your computer for ransom.
5261 Shares
Share
Tweet
Share
Save

Sponsored Links

Reuters/Rick Wilking

Malware doesn't always have to attack your computer through browser- or OS-based exploits. Sometimes, it's the social networks themselves that can be the problem. Researchers at Check Point have discovered that a variant of known ransomware, Locky, is taking advantage of flaws in the way Facebook and LinkedIn (among others) handle images in its bid to infect your PC. The trick forces your browser to download a maliciously coded image file that hijacks your system the moment you open it. If you do, your files are encrypted until you pay up.

While the actual Locky code is relatively pedestrian and easy to avoid if you're aware (just don't open the file), it's the delivery mechanism that has analysts worried. Many security apps explicitly trust big social networks, and many people aren't used to worrying about their downloads at sites like Facebook.

Check Point says it told Facebook and LinkedIn about the exploit in September, but it's not clear that there are fixes in place. We've reached out to both companies to find out what the situation is right now. Whether or not you're in the clear, this is a reminder that you can't take the safety of social sites for granted -- it's a good idea to be wary of any downloads you weren't expecting.

Update: A Facebook spokesperson tells us that these reports had it wrong -- this isn't a case of ransomware. These were really "bad Chrome extensions" propagating a scam by sending messages to others, and they were blocked several days ago. You can read the full explanation below.

"This analysis is incorrect. There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook. We investigated these reports and discovered there were several bad Chrome extensions, which we have been blocking for nearly a week. We also reported the bad browser extensions to the appropriate parties."

[Thanks, Kristy]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
5261 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
Wirecutter's best deals - Jabra Elite 85h Bluetooth headphones drop to $200

Wirecutter's best deals - Jabra Elite 85h Bluetooth headphones drop to $200

View
Homeland Security doesn’t want Americans' airport face scans after all

Homeland Security doesn’t want Americans' airport face scans after all

View
Qualcomm pushes for cheaper Snapdragon PCs with its 7c and 8c chips

Qualcomm pushes for cheaper Snapdragon PCs with its 7c and 8c chips

View
Microsoft's redesigned Office mobile apps read text out loud

Microsoft's redesigned Office mobile apps read text out loud

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr