- Malicious SVG files are being weaponized to "like" Facebook posts without user consent
- The attackers hide JavaScript inside images to evade detection and carry out the social-media hijacking
- Trojan.JS.Likejack silently boosts Facebook posts by exploiting the active sessions of unsuspecting victims
Security researchers have discovered dozens of adult websites that embed malicious code in Scalable Vector Graphics (.SVG) files.
Unlike common image formats such as JPEG or PNG, SVG files use XML text to define images, and that XML can include HTML and JavaScript.
This feature makes SVG suitable for interactive graphics, but it also opens the door to abuse through attacks such as cross-site scripting and HTML injection.
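Because SVG is XML, a defender can inspect a file for exactly these hooks before treating it as a plain image. The check below is an added example, not code from the article or from Malwarebytes; both SVG documents in it are constructed samples, and the `run()` function is a harmless placeholder standing in for an obfuscated loader.

```python
# Added example, not code from the article or from Malwarebytes. SVG is XML,
# so a defender can walk the tree and flag the hooks that let an "image" run
# code: <script> elements, on* event handlers, javascript: links and
# <foreignObject> blocks that wrap arbitrary HTML.
import xml.etree.ElementTree as ET


def local_name(tag: str) -> str:
    """Strip the XML namespace ({uri}name -> name) from an element or attribute."""
    return tag.rsplit("}", 1)[-1]


def active_content_findings(svg_text: str) -> list[str]:
    """Return the reasons an SVG should be treated as active content (empty = none).
    Attribute values are lower-cased with whitespace removed so "java script:" matches."""
    findings = []
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        name = local_name(elem.tag).lower()
        if name == "script":
            findings.append("<script> element")
        elif name == "foreignobject":
            findings.append("<foreignObject> element (can embed HTML)")
        for attr, value in elem.attrib.items():
            aname = local_name(attr).lower()
            if aname.startswith("on"):
                findings.append(f"{aname} handler on <{name}>")
            elif aname == "href" and "".join(value.split()).lower().startswith("javascript:"):
                findings.append(f"javascript: href on <{name}>")
    return findings


# Constructed sample in the pattern the article describes: a click on the image
# runs a script. The script body is a harmless placeholder, not the real loader.
TRAPPED_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="300" height="200">
  <rect width="300" height="200" fill="#ccc" onclick="run()"/>
  <a xlink:href="javascript:run()"><text x="20" y="100">Play</text></a>
  <script><![CDATA[ function run() { /* placeholder for obfuscated loader */ } ]]></script>
</svg>"""

# Constructed benign sample: geometry only, no scripting hooks.
CLEAN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="steelblue"/>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("trapped", TRAPPED_SVG), ("clean", CLEAN_SVG)):
        print(label, active_content_findings(doc) or "no active content")
```

A mail gateway or upload handler can reject or sanitize any file that returns a non-empty list, which also covers the Roundcube and phishing cases mentioned later in the article.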
How the clickjacking attack works
Malwarebytes researchers found that selected visitors to these websites are served booby-trapped SVG images.
When clicked, the files execute heavily obfuscated JavaScript, sometimes using a hybrid version of a technique known as "JSFuck" to disguise the script's true purpose.
Once decoded, the code downloads more JavaScript, which ultimately delivers a payload identified as Trojan.JS.Likejack.
If the victim has an active Facebook session, the malware silently "likes" a specific post without consent, increasing its visibility in social feeds.
The boost in visibility raises the chance that the targeted post appears in more users' feeds, effectively turning unsuspecting visitors into promoters without their knowledge.
Abuse of SVG files is not new. Two years ago, pro-Russian hackers exploited the format to carry out a cross-site scripting attack against Roundcube, a webmail platform used by millions.
More recently, phishing campaigns have used SVG files to open fake Microsoft login screens pre-filled with the victims' email addresses.
The researchers found that many of these attacks originate from interconnected websites, often hosted on platforms such as blogspot[.]com, sometimes offering explicit images of celebrities that are probably AI-generated.
Facebook routinely shuts down the accounts involved in such abuse, but those behind the campaigns often return with new profiles.
As more regions introduce age-verification rules for adult content, some users may turn to less regulated sites that employ aggressive promotion tactics.
How to stay safe
The impact of this campaign goes beyond unwanted social-media interactions. The same tactics can be used for more harmful purposes, including identity theft or credential harvesting.
Experts recommend using updated security suites that can detect and block suspicious domains.
In addition, make sure your system has a correctly configured firewall to prevent unauthorized data transfers.
Real-time protection can help identify threats before they execute, and awareness of which file formats can execute code is essential.
While using a VPN can help maintain privacy, it is not a substitute for strong endpoint protection and cautious behavior online.
Above all, be careful what you click on the Internet.