Facebook isn’t Safebook. That’s the message from IT professionals, who say a well-known type of malware called Locky Ransomware is spreading through Facebook Messenger and can infect corporate networks. The ransomware masquerades as an apparently harmless image file, usually with a generic title and an .svg (Scalable Vector Graphics) extension. When the user clicks on the image, the victim is redirected to a website that deliveries the malware using a trojan downloader.

The website may appear to be YouTube, with a video from Facebook and a request to install additional extensions to actually view the video. If the user authorizes addition of the extension, the attack can then use Facebook Messenger to spread the attack to users’ friends via Messenger.

When the ransomware is downloaded, all the files on the victim’s personal device are automatically encrypted, and access can only be regained after a ransom is paid. Much of the concern among IT professionals appears to derive from the fact that so many companies allow employees to access Facebook and other social media sites at work, unleashing the malware in corporate networks. This represents a potentially massive hole in corporate security programs, warns NTT Security on its company blog.

A software security company called Check Point Software Technologies says on its company blog that it has uncovered a new attack vector called ImageGate that embeds malware in image and graphic files. The blog warns that the malicious code can also be spread through other social media applications such as LinkedIn. The company says attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file.

Facebook, however, has denied that Locky is being spread through the spam campaign and also disputed Check Point’s findings, according to SC Media. “This analysis is incorrect. There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook…” said a Facebook spokesperson in a statement emailed to SC Media.

Just in case, Check Point offers these tips for staying safe on Facebook:

  • If you click on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file.
  • Don’t open any image file with unusual extension (such as SVG, JS or HTA).