Adult sites are stashing exploit code inside racy .svg files
14 days ago
- #security
- #malware
- Porn sites are using malware hidden in .svg files to generate fake likes on Facebook.
- .svg files can include HTML and JavaScript, making them vulnerable to abuse for attacks like cross-site scripting and denial of service.
- Malwarebytes discovered that these .svg files, when clicked, secretly register likes on Facebook posts promoting the sites.
- The JavaScript in these .svg files was heavily obscured using a custom version of 'JSFuck' to hide the malicious code.