Malware doesn’t always have to attack your computer through browser- or OS-based exploits. Sometimes, it’s the social networks themselves that can be the problem. Researchers at Check Point have discovered that a variant of known ransomware, Locky, is taking advantage of flaws in the way Facebook and LinkedIn (among others) handle images in its bid to infect your PC. The trick forces your browser to download a maliciously coded image file that hijacks your system the moment you open it. If you do, your files are encrypted until you pay up.
Check Point says it told Facebook and LinkedIn about the exploit in September, but it’s not clear that there are fixes in place. We’ve reached out to both companies to find out what the situation is right now. Whether or not you’re in the clear, this is a reminder that you can’t take the safety of social sites for granted — it’s a good idea to be wary of any downloads you weren’t expecting.