Adult Sites Using Malicious SVG Files to Generate Facebook Likes

In a recent development, adult websites have been using a sneaky technique to garner Facebook likes: running disguised malicious code in visitors' browsers. This time, the code is hidden within .svg image files.

The SVG (Scalable Vector Graphics) format, commonly used because it scales without pixelation, carries a hidden risk: because it is XML-based, an SVG file can embed HTML and JavaScript that the browser will execute when the file is opened directly. This makes it a potential vehicle for a variety of attacks, including cross-site scripting and denial of service.

Case of the Silent Clicker

Security experts at Malwarebytes highlighted a concerning discovery, where adult sites are using .svg files to employ a clickjacking tactic. When a user clicks on these images, their browser unknowingly endorses a Facebook post, usually promoting the particular adult website.

Deciphering this attack was complex due to the use of "JSFuck," an obfuscation method that rewrites JavaScript using only the six characters `[]()!+`, making the code hard to read and to detect. Once decoded, this code loads further concealed scripts. The final payload, Trojan.JS.Likejack, makes whichever Facebook account is logged in within that browser like specific posts without the user's consent.
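The two technical points above (that an SVG file can carry embedded script and HTML, and that the script in this campaign was JSFuck-obfuscated) are easy to turn into a defensive check. The following Python scanner is an added example, not code from the original article or from Malwarebytes: it parses an SVG with the standard library and flags `<script>` elements, `<foreignObject>` (embedded HTML), `on*` event-handler attributes and `javascript:` hrefs, and additionally marks a script body as JSFuck-like when it consists only of the six JSFuck characters. The two sample SVG strings are constructed for the example; the JSFuck-style payload inside them is just a character pattern, not the real Likejack code.

```python
import xml.etree.ElementTree as ET

# JSFuck output uses only these six characters.
JSFUCK_CHARS = set("[]()!+")


def looks_like_jsfuck(text, min_len=32):
    """True if text (ignoring whitespace) is long enough and uses only JSFuck characters."""
    stripped = "".join(text.split())
    return len(stripped) >= min_len and set(stripped) <= JSFUCK_CHARS


def local_name(qualified):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return qualified.rsplit("}", 1)[-1]


def scan_svg(svg_text):
    """Return a list of human-readable findings for active content in an SVG document."""
    findings = []
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        name = local_name(elem.tag)
        if name == "script":
            body = elem.text or ""
            findings.append(
                "jsfuck-obfuscated script" if looks_like_jsfuck(body) else "inline script"
            )
        elif name == "foreignObject":
            findings.append("foreignObject (embedded HTML)")
        for attr, value in elem.attrib.items():
            aname = local_name(attr)
            if aname.lower().startswith("on"):
                findings.append(f"event handler attribute {aname}")
            if aname == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("javascript: URL in href")
    return findings


# Constructed sample: a plain vector image with no active content.
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<circle cx="5" cy="5" r="4"/></svg>'
)

# Constructed sample: an onload handler, a javascript: link and a JSFuck-style script body.
SUSPICIOUS_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="x()">'
    '<a xlink:href="javascript:void(0)"><rect width="100" height="100"/></a>'
    '<script>(![]+[])[+!+[]]+(![]+[])[+!+[]]+(![]+[])[+!+[]]</script>'
    '</svg>'
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, scan_svg(doc) or "no active content")
```

A scanner like this is a triage aid for an upload pipeline or a mail gateway, not a sanitizer: the safe way to publish user-supplied SVG is to strip every element and attribute the scanner flags, or to serve the file only in contexts where browsers never run its scripts, such as an `<img>` tag or a CSS background, rather than as a top-level document.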

Such JavaScript-based Trojans silently manipulate personal profiles to promote adult content, as highlighted by Malwarebytes researcher Pieter Arntz. Users remain unaware unless they routinely check their liked pages.

Previous instances of malicious .svg files include exploits targeting webmail services and phishing scams that trick users into revealing sensitive information. Despite frequent account removals by Facebook, perpetrators often return using new profiles.