- Malicious SVG files are being weaponized to secretly "like" Facebook posts without user consent
- Attackers hide obfuscated JavaScript inside images to evade detection and carry out social media manipulation
- Trojan.js.yjack silently boosts targeted Facebook posts by abusing the active sessions of unsuspecting victims
Security researchers have uncovered dozens of adult sites that embed malicious code inside Scalable Vector Graphics (.svg) files.
Unlike raster formats such as JPEG or PNG, SVG files describe an image in XML text, and that XML can embed HTML and JavaScript.
This makes SVG well suited to interactive graphics, but it also opens the door to attacks such as cross-site scripting (XSS) and HTML injection: a file that a browser treats as an image can carry a script that runs when it is opened or clicked.
How the clickjacking attack works
Research from Malwarebytes found that selected visitors to these sites are served booby-trapped SVG images.
Once clicked, the files run heavily obfuscated JavaScript, sometimes using a hybrid of a technique called "JSFuck", which rewrites a script using only a handful of punctuation characters so that its true purpose is hidden from casual inspection.
Once decoded, the code downloads further JavaScript, ultimately delivering a payload identified as Trojan.js.yjack.
If the victim has a Facebook session open, the malware silently "likes" a targeted post without consent, increasing its visibility in social feeds.
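As an added illustration for the two points above (SVG files carrying script, and JSFuck-style obfuscation hiding what that script does), the Python script below is not code from the original article, from Malwarebytes, or from the campaign. It parses an SVG document and reports the active-content markers a practitioner would look for: `<script>` and `<foreignObject>` elements, `on*` event-handler attributes, and `javascript:` or `data:text/html` URLs in any attribute. It also scores each inline script for JSFuck-style obfuscation by measuring how much of it consists of the six characters `[]()!+`. Both sample SVGs are constructed for the example; the obfuscated script in the second evaluates to a harmless array method and is not the campaign's loader.

```python
"""Flag SVG files that carry active content and score inline scripts for
JSFuck-style obfuscation.

Added example for this article; not Malwarebytes' tooling and not code from
the campaign.  The sample SVGs at the bottom are constructed."""
import re
import xml.etree.ElementTree as ET

# Elements that can execute script or embed a foreign document inside an SVG.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# URL schemes that execute code (or load an HTML document) when followed.
ACTIVE_SCHEMES = ("javascript:", "vbscript:", "data:text/html")
# JSFuck builds every JavaScript value out of these six characters; a script
# made almost entirely of them was generated by an obfuscator, not a human.
JSFUCK_CHARS = set("[]()!+")


def local_name(qualified):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return qualified.rsplit("}", 1)[-1]


def jsfuck_ratio(script):
    """Fraction of non-whitespace characters drawn from the JSFuck alphabet."""
    body = re.sub(r"\s+", "", script)
    if not body:
        return 0.0
    return sum(ch in JSFUCK_CHARS for ch in body) / len(body)


def scan_svg(svg_text, jsfuck_threshold=0.8):
    """Return (kind, detail) findings for one SVG document, in document order.

    An empty list means no active-content marker was seen; it does not prove
    the file is safe (the checks are heuristics).
    """
    findings = []
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        name = local_name(elem.tag)
        if name in ACTIVE_TAGS:
            findings.append(("active-element", name))
        if name == "script":
            ratio = jsfuck_ratio(elem.text or "")
            if ratio >= jsfuck_threshold:
                findings.append(("jsfuck-like-script", f"{ratio:.2f}"))
        for attr, value in elem.attrib.items():
            aname = local_name(attr)
            # onclick, onload, onmouseover, ... run script on user interaction
            if aname.lower().startswith("on"):
                findings.append(("event-handler", f"{name}@{aname}"))
            # href / xlink:href / SMIL 'to' values can all carry a script URL
            if value.strip().lower().startswith(ACTIVE_SCHEMES):
                findings.append(("active-url", f"{name}@{aname}"))
    return findings


# Constructed: an ordinary static image with no active content.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">
  <circle cx="32" cy="32" r="20" fill="tomato"/>
</svg>"""

# Constructed: a clickable image whose <script> is written in JSFuck symbols.
# The script evaluates to [].flat and does nothing; it stands in for the
# obfuscated loader the article describes without reproducing it.
MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="100" height="100">
  <a xlink:href="javascript:void(0)">
    <rect width="100" height="100" fill="#333" onclick="run()"/>
  </a>
  <script>[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]</script>
</svg>"""


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, scan_svg(doc) or "no active content found")
```

Run as a file, it prints nothing suspicious for the first sample and four findings for the second. The ratio threshold is a heuristic: treat a hit as a reason to open the file in a text editor, not as proof of malice on its own, and a production scanner should parse with `defusedxml` rather than the standard library so that entity-expansion tricks in the XML itself are refused as well.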
The boost in visibility increases the chances that the targeted post will appear in more users' feeds, effectively turning unsuspecting visitors into promoters without their knowledge.
Abuse of SVG files is not new. Two years ago, pro-Russian hackers used the format to carry out a cross-site scripting attack against Roundcube, a webmail platform used by millions.
More recently, phishing campaigns have used SVG files to open fake Microsoft login screens pre-filled with the victims' email addresses.
Researchers found that many of these attacks originate from interconnected sites, often hosted on platforms such as blogspot[.]com, and sometimes featuring explicit celebrity images that are probably generated by artificial intelligence.
Facebook routinely closes accounts involved in such attacks, but those behind the campaigns often return with new profiles.
As more regions introduce age-verification rules for adult content, some users may turn to less regulated sites that employ aggressive promotion tactics.
How to stay safe
The impact of this campaign goes beyond unwanted interactions on social media. The same tactics can be used for more harmful purposes, including identity theft or credential harvesting.
Experts recommend using up-to-date security suites that can detect and block suspicious domains.
Also make sure your system has a properly configured firewall to prevent unauthorized data transfers.
Real-time protection can help identify threats before they execute, and paying attention to file formats capable of running code, SVG among them, is important.
While using a VPN can help maintain privacy, it is not a substitute for strong endpoint protection and cautious online behavior.
Above all, be careful about what you click on the Internet.