Click with Caution - Adult Sites Hide Malware in Images for Facebook Likes

  • Malicious SVG files are being used as a tool to secretly like Facebook posts without obtaining user permission.
  • Hackers embed disguised JavaScript within images to evade detection and carry out harmful social media account takeovers.
  • A Trojan known as Trojan.JS.Likejack secretly increases the visibility of specific Facebook posts by taking advantage of logged-in users' sessions without their knowledge.

Cybersecurity experts have discovered numerous adult websites that are incorporating harmful code within Scalable Vector Graphics (.svg) files.

Unlike standard image formats like JPEG or PNG, SVG files utilize XML text to create images, which may also incorporate HTML and JavaScript.

This functionality makes SVG appropriate for interactive visuals but also creates an opportunity for misuse via attacks such as cross-site scripting and HTML injection.

How a clickjacking attack functions

Research from Malwarebytes discovered that selected visitors to these websites come across booby-trapped SVG images.

Upon clicking, the files execute highly obfuscated JavaScript code, occasionally employing a hybrid form of a technique known as "JSFuck" to conceal the script's actual intent.

After being decoded, the code retrieves additional JavaScript, eventually executing a payload known as Trojan.JS.Likejack.

If the victim has a Facebook session active, the malware automatically clicks "Like" on a specific post without permission, increasing its exposure in social media feeds.

The rise in exposure enhances the likelihood that the specific post will show up in more users' feeds, quietly turning unaware visitors into promoters of the post.

The misuse of SVG files is not a recent issue. Two years prior, pro-Russian hackers utilized the format to execute a cross-site scripting attack on Roundcube, a webmail platform accessed by millions.

In recent times, phishing attacks have utilized SVG files to display counterfeit Microsoft login pages that are already filled with the victims' email addresses.

Researchers found that many of these attacks come from websites that are linked together, frequently hosted on services such as blogspot[.]com, and occasionally offering explicit celebrity photos that were probably created using artificial intelligence.

Facebook frequently closes accounts associated with these violations, but the individuals running the campaigns often come back with fresh profiles.

With more regions implementing age verification policies for adult material, some users might seek out sites with fewer restrictions that use aggressive marketing strategies.

How to stay safe

The impact of this campaign extends past undesirable social media engagements. These methods can be employed for more damaging objectives, including identity theft or credential harvesting.

Experts recommend using updated security suites, which can identify and prevent access to questionable domains.

Additionally, make sure your system has a correctly configured firewall to stop unauthorized data movement.

Real-time protection can detect dangers prior to their execution, and understanding file types that can run code is crucial.

While using a VPN can aid in preserving confidentiality, it is not a replacement for robust endpoint protection and cautious online behavior.

First and foremost - exercise caution when clicking on links online.
