The growing trend of age checks on websites has pushed many people to look for alternative platforms that seem less restricted. But this shift has created an opportunity for cybercriminals, who are now hiding harmful software inside image files that appear harmless.
Why SVG Images Are Risky
Most people are familiar with standard images like JPG or PNG. These are fixed pictures with no hidden functions. SVG, or Scalable Vector Graphics, is different. It is built using a coding language called XML, which can also include HTML and JavaScript, the same tools used to design websites. This means that unlike a normal picture, an SVG file can carry instructions that a computer will execute. Hackers are taking advantage of this feature to hide malicious code inside SVG files.
How the Scam Works
Security researchers at Malwarebytes recently uncovered a campaign that uses Facebook to spread this threat. Fake adult-themed blog posts are shared on the platform, often using AI-generated celebrity images to lure clicks. Once users interact with these posts, they may be asked to download an SVG image.
At first glance, the file looks like a regular picture. But hidden inside is a script written in JavaScript. The code is heavily disguised so that it looks meaningless, but once opened, it runs secretly in the background. This script connects to other websites and downloads more harmful sof
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: