Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label SVG files. Show all posts
Website
AI Deepfakes Facebook Hackers malware SVG files Website

Hackers Are Spreading Malware Through SVG Images on Facebook


The growing trend of age checks on websites has pushed many people to look for alternative platforms that seem less restricted. But this shift has created an opportunity for cybercriminals, who are now hiding harmful software inside image files that appear harmless.


Why SVG Images Are Risky

Most people are familiar with standard images like JPG or PNG. These are fixed pictures with no hidden functions. SVG, or Scalable Vector Graphics, is different. It is built using a coding language called XML, which can also include HTML and JavaScript, the same tools used to design websites. This means that unlike a normal picture, an SVG file can carry instructions that a computer will execute. Hackers are taking advantage of this feature to hide malicious code inside SVG files.


How the Scam Works

Security researchers at Malwarebytes recently uncovered a campaign that uses Facebook to spread this threat. Fake adult-themed blog posts are shared on the platform, often using AI-generated celebrity images to lure clicks. Once users interact with these posts, they may be asked to download an SVG image.

At first glance, the file looks like a regular picture. But hidden inside is a script written in JavaScript. The code is heavily disguised so that it looks meaningless, but once opened, it runs secretly in the background. This script connects to other websites and downloads more harmful software.


What the Malware Does

The main malware linked to this scam is called Trojan.JS.Likejack. Once installed, it hijacks the victim’s Facebook account, if the person is already logged in, and automatically “likes” specific posts or pages. These fake likes increase the visibility of the scammers’ content within Facebook’s system, making it appear more popular than it really is. Researchers found that many of these fake pages are built using WordPress and are linked together to boost each other’s reach.


Why It Matters

For the victim, the attack may go unnoticed. There may be no clear signs of infection besides strange activity on their Facebook profile. But the larger impact is that these scams help cybercriminals spread adult material and drive traffic to shady websites without paying for advertising.


A Recurring Tactic

This is not the first time SVG files have been misused. In the past, they have been weaponized in phishing schemes and other online attacks. What makes this campaign stand out is the combination of hidden code, clever disguise, and the use of Facebook’s platform to amplify visibility.

Users should be cautious about clicking on unusual links, especially those promising sensational content. Treat image downloads, particularly SVG files with the same suspicion as software downloads. If something seems out of place, it is safer not to interact at all.

Read more »
Subscribe to: Posts (Atom)