Adult sites are stashing exploit code inside racy .svg files
Summary
Porn websites are increasingly using malware delivered in SVG image files to generate fake Facebook likes, with affected users liking the site without realising it.
Security company Malwarebytes discovered the operation, in which porn sites embed booby-trapped SVG images that are then used to silently like Facebook posts promoting the adult site.
The malware uses a customised version of the “JSFuck” technique, which hides malicious JavaScript code by writing it with just a few character types.
Obscuring the JavaScript made the malware harder to detect. Once the SVG file is clicked, it causes the browser to like the promotional Facebook post without the user’s knowledge.
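Because JSFuck-style encoding leaves a script made of only a handful of distinct characters, that property can itself be a detection signal. The following added example (not code from Malwarebytes or the original article) scans an SVG for `<script>` elements whose bodies are long but drawn from a tiny alphabet; the function names, thresholds and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"
JSFUCK_ALPHABET = set("[]()!+")  # the six characters standard JSFuck is written in

# Constructed sample: an SVG whose script is a harmless JSFuck-style run of symbols.
SAMPLE_ENCODED = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    "<script><![CDATA[" + "(![]+[])[+[]]+" * 40 + "[]" + "]]></script></svg>"
)
# Constructed sample: an SVG with an ordinary, readable script.
SAMPLE_PLAIN = (
    '<svg xmlns="http://www.w3.org/2000/svg"><script><![CDATA['
    + "function highlight(evt) { evt.target.setAttribute('fill', '#c00'); }\n" * 5
    + "]]></script><rect width='5' height='5' onclick='highlight(evt)'/></svg>"
)

def script_bodies(svg_text):
    """Return the text of every <script> element (namespaced or not)."""
    root = ET.fromstring(svg_text)
    return ["".join(el.itertext()) for el in root.iter()
            if el.tag in (SVG_NS + "script", "script")]

def symbol_profile(js):
    """Return (length, distinct characters, share of JSFuck characters), whitespace ignored."""
    body = "".join(js.split())
    if not body:
        return 0, 0, 0.0
    share = sum(ch in JSFUCK_ALPHABET for ch in body) / len(body)
    return len(body), len(set(body)), share

def scan_svg(svg_text, min_len=200, max_distinct=12, min_share=0.8):
    """Return one finding per script that looks symbol-encoded. Thresholds are assumptions."""
    if "<!ENTITY" in svg_text:
        # Refuse to expand entities from untrusted input; report instead of parsing.
        return [{"reason": "entity declaration, not parsed"}]
    findings = []
    for js in script_bodies(svg_text):
        length, distinct, share = symbol_profile(js)
        if length < min_len:
            continue
        # A customised variant may swap the alphabet, so a tiny alphabet alone also counts.
        if distinct <= max_distinct or share >= min_share:
            findings.append({"reason": "symbol-encoded script", "length": length,
                             "distinct": distinct, "jsfuck_share": round(share, 2)})
    return findings

if __name__ == "__main__":
    for name, doc in (("encoded", SAMPLE_ENCODED), ("plain", SAMPLE_PLAIN)):
        print(name, scan_svg(doc))
```

A hit is a reason to inspect the file, not proof of malice; ordinary image SVGs rarely need a script element at all, so many upload and mail gateways simply strip or reject them.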
This is the first known case of SVG image files being used in this way, and specialists expect to see this sort of malware become more widespread.