Checkpoint security describes an innovative attack where ImageGate embeds malicious code in graphics files.  Users should exit their browser session if an unusual file unexpectedly starts to download after clicking on an image.

Check Point researchers identified a new attack vector, named ImageGate, which embeds malware in image and graphic files. Furthermore, the researchers have discovered the hackers’ method of executing the malicious code within these images through social media applications such as Facebook and LinkedIn.

According to the research, the attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.

As more people spend time on social networking sites, hackers have turned their focus to find a way in to these platforms. Cyber criminals understand these sites are usuallywhite listed’, and for this reason, they are continually searching for new techniques to use social media as hosts for their malicious activities. To protect users against the most advanced threats, Check Point strives to identify where attackers will strike next.

Check Point recommends the following preventive measures:

1.If you have clicked on an image and your browser starts downloading a file, do not open it. Any social media website should display the picture without downloading any file

2.Don’t open any image file with unusual extension (such as SVG, JS or HTA).

ImageGate: Check Point uncovers a new method for distributing malware through images