Facebook Denies Check Point's Claim About Malware-Tainted Images

Researchers at Check Level Device Applied sciences allegedly to find photographs spreading ransomware on social media websites, however Facebook calls their analysis “mistaken.”
Researchers at safety company Check Level Device Applied sciences warned social media customers that on-line criminals have begun the usage of specifically crafted picture information to unfold ransomware the usage of a weak spot in some social media services and products.The record, posted to the corporate’s web page, got here as attackers used Facebook and different services and products to unfold photographs containing hyperlinks to websites that might attempt to trick customers into downloading the Locky ransomware.

The corporate’s researchers claimed Nov. 24 that it had discovered an extra infrastructure weak spot in some social media services and products that allowed the assault to be more practical.”The attackers exploit a misconfiguration at the social media infrastructure to intentionally power their sufferers to obtain the picture document,” the Check Level researchers stated. “This ends up in an infection of the customers’ tool as quickly because the end-user clicks at the downloaded document.”On Monday, then again, Facebook denied the problem and known as the analysis “mistaken.”

“There’s no connection to Locky or every other ransomware, and this isn’t showing on Messenger or Facebook,” the corporate stated in an electronic mail remark despatched to eWEEK.

The social media massive stated it had first realized of the prospective factor on Nov. 22, which Check Level described as an URL-handling factor that emerges in Firefox. Closing week, the corporate stated that  any other staff of assaults used malicious or insecure extensions in Chrome to propagate ransomware hyperlinks.”We investigated those experiences and found out there have been a number of unhealthy Chrome extensions, which we have now been blockading for just about every week,” Facebook stated in its remark. “We additionally reported the unhealthy browser extensions to the right events.”The spat between Facebook and Check Level is odd, since the safety company claimed in its weblog submit that it had contacted each Facebook and LinkedIn about this factor in September.If picture information are concerned, it will no longer be the primary time that attackers had discovered some way to make use of graphics to unfold malware.
Vulnerabilities in regularly used picture libraries have resulted in assaults embedded in photographs.”The concept that of spreading via photographs isn’t new—we have now noticed this for no less than 10 years,” Derek Manky, international safety strategist for Fortinet, informed eWEEK. “Whether it is an image-based exploit, it’s going to depend at the picture renderer—the parser—to commute up at the malicious code embedded within the picture to execute malicious instruction, (similar to) obtain the Locky payload.”But, with Facebook refuting Check Level’s analysis, the one sure bet is that attackers wish to social media as a greater approach to unfold malware.”As extra folks spend time on social networking websites, hackers have became their focal point to give you the chance in to those platforms,” researchers from Check Level said in its weblog submit. “Cyber-criminals perceive those websites are generally whitelisted, and because of this, they’re regularly on the lookout for new tactics to make use of social media as hosts for his or her malicious actions.”Check Level advisable that customers don’t open picture information downloaded from the Web, including that “any social media web page must show the image with out downloading any document.” As well as, customers must no longer open any purported photographs with an odd extension, similar to SVG, JS, or HTA.Requests for remark from Check Level weren’t in an instant returned.