Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 4 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Check Point uncovers new method for distributing malware through images

by The Gurus
November 28, 2016
in Editor's News
Share on FacebookShare on Twitter

Check Point announced that its security researchers have identified a new attack vector, called ImageGate, which embeds malware in image and graphic files.  The researchers have discovered the hackers’ method of executing the malicious code within these images through social media applications such as Facebook and LinkedIn.
According to the research, the attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website.  The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.
Over the past three days, the security industry has followed the massive spread of Locky ransomware via social media, particularly in its Facebook-based campaign.  Check Point researchers strongly believe that the new ImageGate technique reveals how this campaign was made possible, a question which has been unanswered until now.
The Check Point researchers were able to uncover the attack vector which affects major websites and social networks worldwide, including Facebook and LinkedIn. Check Point updated Facebook & LinkedIn about this attack vector early in September.
In cases involving Locky ransomware, once users download and open the malicious file that they receive, all the files on their personal device are automatically encrypted and they can only gain access to them after the ransom is paid.
“As more people spend time on social networking sites, hackers have turned their focus to find a way in to these platforms,” said Oded Vanunu, Head of Check Point’s Products Vulnerability Research. “Cyber criminals understand these sites are usually ‘white listed’, and for this reason, they are continually searching for new techniques to use social media as hosts for their malicious activities. To protect users against the most advanced threats, Check Point researchers strive to identify where attackers will strike next.” 
How to stay protected
Check Point recommends users take the following preventive measures:

  1. If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading it.
  2. Don’t open any image file with an unusual filename extension (such as SVG, JS or HTA).

Researchers developed a video demo of the infection process, available here:  https://youtu.be/sGlrLFo43pY

ShareTweet
Previous Post

Why Israel produces such young entrepreneurs

Next Post

Chargebacks could ruin online retailers’ biggest shopping days of the year

Recent News

pentesting

Pentesting is dead. Long live pentesting.

July 3, 2026
AI Appreciation Day: Celebrating Progress, Embracing Responsibility

The industries being reimagined by AI

July 2, 2026
geopolitical cyber report

Iran-linked MuddyWater espionage campaign targets organisations across four continents

July 1, 2026
Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

July 1, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol