A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn.
According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user’s computer. Users who notice the download, and who then access the file, cause malicious code to install “Locky” ransomware onto their computers.
Locky has been around since early this year, and works by encrypting victims’ files and demands a payment of around half a bitcoin (currently £294; $365) for the key.
