Techly NewsGet the app

Get the latest tech news

Adult sites are stashing exploit code inside svg files


Running JavaScript from inside an image? What could possibly go wrong?

“This Trojan, also written in Javascript, silently clicks a ‘Like’ button for a Facebook page without the user’s knowledge or consent, in this case the adult posts we found above,” Malwarebytes researcher Pieter Arntz wrote. In 2023, pro-Russian hackers used an .svg tag to exploit a cross-site scripting bug in Roundcube, a server application that was used by more than 1,000 webmail services and millions of their end users. Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.

Get the Android app

Or read this on ArsTechnica

Read more on:

Photo of Files

Files

Photo of adult sites

adult sites

Photo of exploit code

exploit code

Related news:

News photo

Fedora Considers Hardlinking Identical /usr Files By Default For Deduplicating RPM Assets

News photo

Dog-Walking Startup 'Wag' Files For Bankruptcy

News photo

San Francisco tech company Wag, once worth $650 million, files for bankruptcy

« It’s getting harder to skirt RTO policies without employers noticing
“This Is What We Voted For!” MAHA World Celebrates mRNA News (Experts Say It Will Kill People) »