Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Fake Facebook posts hide Trojan.JS.Likejack in SVG images

Malwarebytes has uncovered a scam hiding malicious JavaScript inside SVG images, using adult-themed social media posts to trick users into boosting fake Facebook pages.

byEmre Çıtak
August 11, 2025
in Cybersecurity, News
Home News Cybersecurity

Researchers at Malwarebytes have uncovered a campaign where cybercriminals embed malicious code in SVG (Scalable Vector Graphics) images. Unlike standard JPG or PNG pictures, SVG files are built using XML code, which can also carry HTML and JavaScript — the same languages used for interactive websites. This means an SVG can display a picture while secretly running harmful scripts in the background.

How the scam works:

  • Adult-themed blog posts, often featuring fake or AI-generated celebrity content, are promoted on social media platforms like Facebook.

    Stay Ahead of the Curve!

    Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

  • Clicking these links may prompt you to download an SVG file.

  • Opening or interacting with the file triggers hidden JavaScript, obfuscated to look harmless, that then downloads more malicious code.

The end goal is to install Trojan.JS.Likejack, a program that forces your browser to “Like” specific Facebook posts or pages if you’re already logged in. These fake likes artificially boost the scammers’ content in Facebook’s algorithm, helping them gain visibility without paying for ads.

Many of the pages in this network are built on WordPress or Blogspot, and they’re interconnected to generate hundreds of likes across multiple fake accounts. While Facebook actively removes these profiles, new ones appear just as quickly, making the cycle hard to break.

  • SVG files can be dangerous if opened from untrusted sources.
  • Attackers are using social media to make these scams appear legitimate.
  • This campaign exploits curiosity and adult content as bait, but the same tactic could be applied to other lures.

How to protect yourself:

  • Avoid downloading SVG or other files from unfamiliar websites.
  • Keep your antivirus and browser security features enabled.
  • Be wary of clicking links in social media posts that seem suspicious or sensational.
  • Log out of Facebook when not in use to reduce potential damage from Like-jacking attacks.

Using SVGs for malware delivery isn’t new, but this campaign’s blend of stealthy code, social engineering, and social media manipulation makes it especially dangerous.


Featured image credit

Tags: FacebookFeaturedsvg

Related Posts

AI agents lead to 4,000 job cuts in Salesforce’s support division, CEO says

AI agents lead to 4,000 job cuts in Salesforce’s support division, CEO says

September 1, 2025
How synthetic data is reshaping AI model training

How synthetic data is reshaping AI model training

September 1, 2025
The future of free online engineering tools: Trends and innovations

The future of free online engineering tools: Trends and innovations

September 1, 2025
Xbox rolls out cross-device play history feature globally

Xbox rolls out cross-device play history feature globally

August 29, 2025
MathGPT.ai expands to 50+ colleges with “cheat-proof” AI tutor

MathGPT.ai expands to 50+ colleges with “cheat-proof” AI tutor

August 29, 2025
Windows 11 OOBE update installs start September 2025

Windows 11 OOBE update installs start September 2025

August 29, 2025

LATEST NEWS

AI agents lead to 4,000 job cuts in Salesforce’s support division, CEO says

How synthetic data is reshaping AI model training

The future of free online engineering tools: Trends and innovations

Xbox rolls out cross-device play history feature globally

MathGPT.ai expands to 50+ colleges with “cheat-proof” AI tutor

Windows 11 OOBE update installs start September 2025

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.