Watch where you click - adult sites are hiding clickjacking malware in
images, and all for Facebook likes
Date:
Thu, 14 Aug 2025 00:33:00 +0000
Description:
Malicious SVG files on adult websites hide JavaScript that hijacks Facebook sessions, secretly liking posts, and potentially exposing victims to identity theft and credential harvesting.
FULL STORY ======================================================================Maliciou s SVG files are being weaponized to secretly like Facebook posts without user consent Attackers hide obfuscated JavaScript in images to bypass detection
and execute dangerous social media hijacks Trojan.JS.Likejack silently boosts targeted Facebook posts by exploiting active sessions of unsuspecting victims
Security researchers have uncovered dozens of adult websites which are embedding malicious code inside Scalable Vector Graphics (.svg) files.
Unlike common image formats such as JPEG or PNG, SVG files use XML text to define images, which can include HTML and JavaScript.
This feature makes SVG suitable for interactive graphics but also opens the door for exploitation through attacks like cross-site scripting and HTML injection. How the clickjacking attack works
Research from Malwarebytes found selected visitors to these websites
encounter booby-trapped SVG images.
When clicked, the files run heavily obfuscated JavaScript code, sometimes using a hybrid version of a technique known as JSFuck to disguise the scripts true purpose.
Once decoded, the code downloads further JavaScript, ultimately deploying a payload identified as Trojan.JS.Likejack.
If the victim has a Facebook session open, the malware silently clicks Like
on a targeted post without consent, boosting its visibility in social feeds.
The boost in visibility increases the chances that the targeted post will appear in more users feeds, effectively turning unsuspecting visitors into promoters without their knowledge.
The abuse of SVG files is not new. Two years ago, pro-Russian hackers exploited the format to carry out a cross-site scripting attack against Roundcube, a webmail platform used by millions.
More recently, phishing campaigns have used SVG files to open fake Microsoft login screens pre-filled with victims email addresses.
Researchers found many of these attacks originate from interconnected websites, often hosted on platforms like blogspot[.]com, and sometimes offering explicit celebrity images likely generated by artificial intelligence.
Facebook routinely shuts down accounts involved in such abuses, but those behind the campaigns often return with new profiles.
As more regions introduce age verification rules for adult content, some
users may turn to less-regulated sites that deploy aggressive promotion tactics. How to stay safe
The effect of this campaign goes beyond unwanted social media interactions. These tactics can be used for more harmful purposes, including identity theft or credential harvesting.
Experts recommend using updated security suites that can detect and block suspicious domains.
Also, ensure that your system has a properly configured firewall to prevent unauthorized data transfers.
Real-time protection can help identify threats before they execute, and awareness of file formats capable of running code is essential.
While using a VPN can help maintain privacy, it is not a substitute for
strong endpoint protection and cautious online behavior.
Above all - be careful about what you click on the internet. You might also like These are the best VPNs with antivirus you can use right now Take a look at our pick of the best internet security suites Fake TikTok shops found spreading malware to unsuspecting victims
======================================================================
Link to news story:
https://www.techradar.com/pro/security/watch-where-you-click-adult-sites-are-h iding-clickjacking-malware-in-images-and-all-for-facebook-likes
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)