Ethical Hacking News
Malwarebytes has uncovered a new method that adult websites are using to hijack likes on Facebook by embedding JavaScript code inside .svg files. The code is heavily obscured using custom versions of "JSFuck," which makes the technique difficult to detect. Dozens of porn sites have been identified as abusing this format, and Facebook regularly shuts down accounts that engage in such abuse.
Adult websites are hijacking likes on Facebook by embedding JavaScript code in .svg files. The code uses custom versions of "JSFuck" to obscure complex instructions. A Malwarebytes researcher discovered dozens of porn sites abusing this technique. Infected .svg files trick users into registering likes for promotional content. Exploitation of .svg files is not new and has been used in phishing attacks since 2023. Facebook regularly shuts down abusive accounts, but perpetrators often return using new profiles. The use of exploits highlights the importance of keeping software up-to-date and being cautious with suspicious websites or emails.
Malwarebytes has recently discovered a new method that adult websites are using to hijack likes on Facebook. The technique involves embedding JavaScript code inside .svg files, which most web browsers open without any issues. The JavaScript code is often heavily obscured using custom versions of "JSFuck," an esoteric style of writing JavaScript that uses only a limited set of characters to encode complex instructions.
The most recent case of this exploitation was uncovered by Malwarebytes researcher Pieter Arntz, who found dozens of porn sites abusing the .svg format for hijacking likes on Facebook. These websites were using the ... format, which contained obfuscated code inside an .svg file downloaded from one of the porn sites.
According to Arntz, when a user clicks on an image in these infected .svg files, their browser is tricked into registering a like for Facebook posts promoting the website. The use of JavaScript and HTML injection makes it difficult to detect these types of attacks, as they can appear to be legitimate web pages.
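A static triage check for the pattern described above, added here as an example (it is not Malwarebytes' tooling or code from the original article): it parses an .svg file, reports script elements and event-handler attributes, and flags script text dominated by the six characters JSFuck is written in. The thresholds, function names, and sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

JSFUCK_CHARS = set("[]()!+")  # the six characters classic JSFuck is written in
RATIO_THRESHOLD = 0.6         # assumed cut-off: "custom" variants mix in other characters
MIN_LENGTH = 40               # assumed floor so short snippets like "!+[]" are not flagged

def jsfuck_ratio(code):
    """Fraction of non-whitespace characters drawn from the JSFuck alphabet."""
    chars = [c for c in code if not c.isspace()]
    return sum(c in JSFUCK_CHARS for c in chars) / len(chars) if chars else 0.0

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data):
    """Return a list of finding labels for one SVG document supplied as bytes."""
    if b"<!ENTITY" in data:  # refuse entity declarations rather than expand them
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not-well-formed"]
    findings = []
    for elem in root.iter():
        if local(elem.tag) == "script":
            code = "".join(elem.itertext())
            dense = len(code) >= MIN_LENGTH and jsfuck_ratio(code) >= RATIO_THRESHOLD
            findings.append("script:jsfuck-like" if dense else "script")
        for name, value in elem.attrib.items():
            if local(name).startswith("on"):
                findings.append("event-handler")
            elif local(name) == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("javascript-uri")
    return findings

# Constructed samples. The obfuscated string is the harmless expression []["flat"].
FLAT = "[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]"
NS = 'xmlns="http://www.w3.org/2000/svg"'
CLEAN = f'<svg {NS}><circle r="5"/></svg>'.encode()
PLAIN = f'<svg {NS}><script>var total = 1 + 2;</script></svg>'.encode()
OBFUSCATED = f'<svg {NS}><script>var a={FLAT};</script><rect onclick="a()"/></svg>'.encode()

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN), ("plain", PLAIN), ("obfuscated", OBFUSCATED)]:
        print(label, scan_svg(doc))
```

Any finding on a file that is supposed to be a static image is worth a closer look; the character-ratio test is a heuristic and will miss obfuscation that leans on a different alphabet.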
The exploitation of .svg files is not new; malicious actors have been using this format to exploit vulnerabilities in various software applications since 2023. In June, researchers documented a phishing attack that used an .svg file to open a fake Microsoft login screen with the target's email address already filled in. The use of .svg files for hijacking likes on Facebook is just another example of how these malicious actors are finding new and creative ways to exploit vulnerabilities.
Facebook regularly shuts down accounts that engage in such abuse, but the perpetrators often return using new profiles. Malwarebytes has identified dozens of porn sites running on WordPress content management systems that are abusing .svg files for this purpose.
In addition to the .svg format, malicious actors have also been using other formats such as HTML and CSS to exploit vulnerabilities in web applications. The use of such exploits highlights the importance of keeping software up-to-date and being cautious when interacting with suspicious websites or emails.
The discovery by Malwarebytes serves as a reminder that even seemingly innocuous files like .svg images can be used for nefarious purposes if not properly secured. It also underscores the need for greater vigilance from web users who must remain aware of the latest exploits and take steps to protect themselves against such threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Malwarebytes-Uncovers-New-Method-of-Exploiting-svg-Files-to-Hijack-Likes-on-Facebook-ehn.shtml
https://arstechnica.com/security/2025/08/adult-sites-use-malicious-svg-files-to-rack-up-likes-on-facebook/
Published: Fri Aug 8 17:50:10 2025 by llama3.2 3B Q4_K_M