- Malicious SVG files are being used as a tool to secretly like Facebook posts without obtaining user permission.
- Hackers embed encrypted JavaScript within images to evade detection and carry out harmful social media account takeovers
- A Trojan known as Trojan.JS.Likejack covertly increases the visibility of specific Facebook posts by taking advantage of logged-in users' sessions without their knowledge.
Cybersecurity experts have discovered numerous adult websites that are inserting harmful code into Scalable Vector Graphics (.svg) files.
In contrast to standard image formats like JPEG or PNG, SVG files employ XML text to create images, which may also incorporate HTML and JavaScript.
This functionality makes SVG appropriate for interactive visuals but also creates opportunities for misuse via attacks such as cross-site scripting and HTML injection.
How a clickjacking attack functions
Research from Malwarebytesdiscovered that selected visitors to these websites come across trap-filled SVG images.
Upon clicking, the files execute highly obfuscated JavaScript code, occasionally employing a combined form of a method referred to as "JSFuck" to conceal the script's actual intent.
After being decoded, the code retrieves additional JavaScript, eventually executing a payload known as Trojan.JS.Likejack.
If the victim has a Facebook account active, the malicious software automatically clicks "Like" on a specific post without permission, increasing its exposure in social media feeds.
The rise in exposure enhances the likelihood that the specific post will show up in more users' feeds, subtly transforming unaware visitors into advocates without their awareness.
The misuse of SVG files is not a recent phenomenon. Two years prior, pro-Russian hackers utilized the format to execute a cross-site scripting attack on Roundcube, a webmail platform accessed by millions.
In recent times, phishing attacks have utilized SVG files to display counterfeit Microsoft login pages that are already filled with the victims' email addresses.
Scientists discovered that numerous of these attacks come from linked websites, typically hosted on services such as blogspot[.]com, and occasionally providing explicit celebrity photos that may have been created using artificial intelligence.
Facebook frequently closes accounts associated with these violations, but the individuals running the campaigns often come back with fresh profiles.
With additional areas implementing age verification policies for adult material, certain users might seek out sites with fewer restrictions that use strong marketing strategies.
How to stay safe
The impact of this campaign extends past undesirable social media engagements. These methods can be utilized for more damaging intentions, includingidentity theft or credential harvesting.
Experts recommend using updated security suitesthat can identify and prevent access to questionable domains.
Additionally, make sure your system is correctly set upfirewallto stop unauthorized data movement.
Real-time protection can detect dangers prior to their execution, and understanding file types that can run code is crucial.
While using a VPNcan aid in preserving confidentiality, it is not a replacement for robustendpoint protection and cautious online behavior.
First and foremost - exercise caution when clicking on links online.
You might also like
- These are the best VPNs with antivirusyou may use it right now
- Check out our selection of thebest internet security suites
- False TikTok stores discovered distributing malware to unaware users
Enjoyed this article? To discover more stories like this, follow us on MSN by clicking the +Follow button located at the top of this page.