- Malicious SVG files are being weaponized to secretly "like" Facebook posts without user consent
- The attackers hide obfuscated JavaScript inside the image files
- Trojan.js.Likejack silently promotes targeted Facebook posts by using the active sessions of unsuspecting victims
Security researchers have discovered dozens of adult websites that embed malicious code in Scalable Vector Graphics (.SVG) files.
Unlike common image formats such as JPEG or PNG, SVG files use XML text to define images, and that text may include HTML and JavaScript.
This makes SVG well suited to interactive graphics, but it also opens the door to exploitation through attacks such as cross-site scripting and HTML injection.
How the clickjacking attack works
Malwarebytes' research found that visitors to these websites encounter booby-trapped SVG images.
When clicked, the files run obfuscated JavaScript, sometimes using a hybrid version of a technique known as "JSFuck" to disguise the script's real purpose.
Once decoded, the code downloads further JavaScript and finally deploys a payload identified as Trojan.js.Likejack.
If the victim has an open Facebook session, the malware silently clicks "Like" on a targeted post without consent, boosting its visibility in social feeds.
That boost raises the chances that the targeted post appears in more users' feeds, effectively turning unsuspecting visitors into promoters without their knowledge.
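The two properties the article relies on, that an SVG is XML text and that this text can carry script, are what a defender can check for statically. The scanner below is an added example written for this article, not code from Malwarebytes or from the campaign; it parses an SVG and reports the features that let an image execute code (script elements, on* event-handler attributes, javascript: URIs, external script references, embedded HTML via foreignObject) plus a heuristic for JSFuck-style obfuscation. The sample documents and the 40-character run threshold are constructed assumptions.

```python
"""Static scanner for SVG files that could execute code.

Added example, not from the original article or from Malwarebytes.
The sample SVGs below are constructed for the demonstration; the
"obfuscated" script is inert filler, not a working payload.
"""
import re
import xml.etree.ElementTree as ET

# JSFuck builds every program from only these six characters, so a long
# uninterrupted run of them is a strong obfuscation signal.  The run
# length of 40 is an assumed threshold, not a published one.
JSFUCK_RUN = re.compile(r"[\[\]()!+]{40,}")


def _local(name):
    """Strip an XML namespace prefix like '{http://...}' from a tag or attribute."""
    return name.split("}", 1)[1] if "}" in name else name


def scan_svg(svg_text):
    """Return a sorted list of code-execution indicators found in one SVG.

    An empty list means no indicator fired.  For untrusted input in
    production, parse with defusedxml instead of xml.etree to block
    entity-expansion attacks; ElementTree is used here to stay dependency-free.
    """
    findings = set()
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return ["malformed-xml"]

    for el in root.iter():
        tag = _local(el.tag).lower()
        if tag == "script":
            findings.add("script-element")
            if JSFUCK_RUN.search(el.text or ""):
                findings.add("jsfuck-like-obfuscation")
        elif tag == "foreignobject":
            # foreignObject lets an SVG embed arbitrary HTML.
            findings.add("foreign-object")

        for attr, value in el.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):
                # onload, onclick, onmouseover ... all run script.
                findings.add("event-handler:" + name)
            if name == "href":
                target = value.strip().lower()
                if target.startswith("javascript:"):
                    findings.add("javascript-uri:href")
                elif tag == "script":
                    # <script href="..."> pulls in a second-stage script.
                    findings.add("external-script")

    return sorted(findings)


# Constructed benign sample: a plain drawing with no script features.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""

# Constructed suspicious sample: click handler, javascript: link and an
# inline script made of JSFuck-style characters (inert filler, 60 chars).
SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     width="300" height="300" onclick="void 0">
  <image xlink:href="javascript:void(0)" width="300" height="300"/>
  <script>var x = %s;</script>
</svg>""" % ("[]+[]+!![]" * 6)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, scan_svg(doc))
```

Run over a directory of uploaded or proxied images, any non-empty result is a reason to serve the file with a `Content-Disposition: attachment` header or to reject it, rather than rendering it inline.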
Abuse of SVG files is not new. Two years ago, pro-Russian hackers exploited the format to carry out a cross-site scripting attack against Roundcube, a webmail platform used by millions.
More recently, phishing campaigns have used SVG files to open fake Microsoft login screens pre-filled with the victims' email addresses.
Researchers found that many of these attacks came from interconnected websites, often hosted on platforms such as Blogspot[.]com, and sometimes offering explicit celebrity images that were probably AI-generated.
Facebook regularly shuts down the accounts involved in such abuse, but those behind the campaigns often return with new profiles.
As more regions introduce age-verification rules for adult content, some users may turn to less regulated sites that deploy aggressive promotion tactics.
How to stay safe
The impact of this campaign goes beyond unwanted interactions on social networks. The same tactics can be used for more harmful purposes, including identity theft or credential harvesting.
Experts recommend using up-to-date security suites that can detect and block suspicious domains.
Also make sure your system has a properly configured firewall to prevent unauthorized data transfers.
Real-time protection can help identify threats before they execute, and awareness of which file formats can run code is essential.
Although using a VPN can help maintain privacy, it is no substitute for strong security settings and careful online behaviour.
Above all, pay attention to what you click on.