Ransomware / Security hole / Uncategorized

ImageGate: Images contain ransomware!

ImageGate: Images contain ransomware!

Images contain ransomware: It is a new method to get infected with Locky! Up to now, the widespread encryption trojan came preferably via an email mailbox on the computer. The strategy is now changing. Social networks are in focus!

Images contain ransomware – do not download!

It’s no longer the dubious e-mail with a Word file attached (although the attack is still popular with HR departments). The attackers, hackers and cyber criminals have found a way to put the Trojan in image files. Want to download a wallpaper from Facebook? It could happen that a dubious format is suggested to you!

This way you protect yourself from Locky and other encryption Trojans!

You have clicked on a picture and your browser starts a download, although you only wanted to look at a picture? You should not open the file under any circumstances. After all, in social media you can view pictures without downloading anything! The pictures contain an unusual format such as SVG, JS or HTA? Another sign of an infected image file! Only SVG is a common format for images – but for vector graphics, and not for social networks1!

Images contain ransomware? Are there any further details?

Check Point, the discoverers of the method, will not release technical details until the vulnerability has been fixed on the largest and most important websites. The publication is not intended to encourage others to test the vulnerability2. If you want to get an impression of how an infection works, you can watch the following video:


Images contain ransomware!

The attackers become more and more creative and find more gaps. By means of such examples you can see this impressively! However, this attack is particularly critical because there is a particularly large target group. Since one runs the risk of catching an encryption Trojan in social networks also rather rarely, this possibility can bring particularly high “encryption rates”! If a prominent Facebook account is hacked, a few seconds are enough to infect the first fans and followers with Locky! For this reason, this should be corrected quickly before the vulnerability is systematically exploited.

Attention for image files with: .svg .js or .hta extensions!

Weitere Informationen und Quellen

[1] Check Point uncovers a new method for distributing malware through images (checkpoint)
[2] Check Point entlarvt neue Lücken für Ransom- und Malware (Caschys Blog)
[3] Neue Methode zur Verbreitung von Malware durch Bilder (All-about-security)

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.