Sign Up For Free Newsletter

News News

Cybersecurity Cybersecurity

VPN VPN

Streaming Streaming

Home > Security > Security News

Clickjack Trojan Campaign Exploits Facebook Users to Promote Adult Websites

Published

Written by:

Lore Apostol

Lore Apostol
Cybersecurity Writer

Facebook Woman Pixel

Clickjack campaign: Cybercriminals use a Trojan to promote their posts and profiles on Facebook via adult websites.
How it starts: Some adult website visitors are served an SVG file that downloads the Trojan.
What it does: This results in a clickjack campaign that silently leverages the infected user’s Facebook account to like attackers’ adult posts.

A clickjack Trojan campaign targets Facebook users to advertise adult websites. This malicious operation manipulates unsuspecting visitors into unknowingly ‘liking’ Facebook posts, primarily promoting explicit content, while exploiting vulnerabilities in malicious SVG files.

Trojan Mechanism Explored

The campaign operates via deceptive links on adult-themed websites, often hosted on blogspot.com domains, a recent Malwarebytes cybersecurity investigation has uncovered.

Visitors to these sites may encounter Scalable Vector Graphics (SVG) files, which appear harmless but are embedded with obfuscated JavaScript code, and are downloaded in some cases.

Some posts pointing to adult websites hosted on Blogspot[.]com and were linked to other similar sites — Some posts pointing to adult websites hosted on Blogspot[.]com and were linked to other similar sites | Source: Malwarebytes

Once downloaded, the SVG file executes additional malicious scripts from the domain crhammerstein[.]de, which was blocked by Malwarebytes.

JSFuck obfuscation, a JavaScript encoding method limited to six characters, is employed to conceal the script’s intentions. Combined with hybrid techniques, this significantly complicates detection and analysis.

They are written in XML, and this allows them to contain HTML and Javascript code — They are written in XML, and this allows them to contain HTML and Javascript code | Source: Malwarebytes

The Trojan.JS.Likejack, as identified by researchers, carries out unauthorized ‘likes’ on Facebook posts tied to the campaign’s content.

For this exploit to succeed, users need to be logged into their accounts. The higher engagement these fraudulent likes generate increases the visibility of the posts, driving traffic and deepening the campaign’s reach.

Protecting Against Clickjack Trojans

This Trojan campaign poses significant cybersecurity threats, including privacy risks and potential financial exploitation. To mitigate risks, experts recommend avoiding dubious links, disabling automatic downloads in web browsers, and employing real-time malware protection tools.

By staying vigilant and using robust cybersecurity solutions, users can defend against evolving threats like the clickjack Trojan, which continue to exploit digital platforms for malicious gain.

In January, TechNadu reported on a novel ‘DoubleClickjacking’ attack aimed at website compromise and account takeover.

Related

Hacker - Building

Qilin Ransomware Claims Formacompany & Co. Real Names Leak, Accuses the Offshore Company of Money Laundering

Bus - Passengers

Smart Bus Travellers May Have Their Data Stolen, Routes Changed and Onboard Camera Accessed Due to Wi-Fi Security Gaps

Customer Support - Help Desk

Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale

School - Students - Building

Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised

PACER Hack Exposes Sensitive Data in Sweeping ‘Administrative Office of U.S. Courts’ Cyberattack

Data Breach - Lawsuit

Optus Faces 2022 Data Breach Lawsuit Initiated by Australian Information Commissioner

Your Weekly Cybersecurity Briefing

Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.

Please enter a valid email address.

Most Popular

Hacker - Building

Qilin Ransomware Claims Formacompany & Co. Real Names Leak, Accuses the Offshore Company of Money Laundering

Bus - Passengers

Smart Bus Travellers May Have Their Data Stolen, Routes Changed and Onboard Camera Accessed Due to Wi-Fi Security Gaps

Customer Support - Help Desk

Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale

School - Students - Building

Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised

NordVPN Launches Is it down- A User-Based Website Outage Tracker

NordVPN Launches "Is it down?"- A User-Based Website Outage Tracker

Shield - Piracy - Skull - Door

CyberGhost, ExpressVPN, NordVPN, ProtonVPN, Surfshark VPNs Ordered to Block More Pirate Sites

Qilin Ransomware Claims Formacompany & Co. Real Names Leak, Accuses the Offshore Company of Money Laundering

Smart Bus Travellers May Have Their Data Stolen, Routes Changed and Onboard Camera Accessed Due to Wi-Fi Security Gaps

Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale

Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised

NordVPN Launches "Is it down?"- A User-Based Website Outage Tracker

CyberGhost, ExpressVPN, NordVPN, ProtonVPN, Surfshark VPNs Ordered to Block More Pirate Sites

Your Weekly Cybersecurity Briefing

Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.

Please enter a valid email address.

Most Popular

Hacker - Building

Qilin Ransomware Claims Formacompany & Co. Real Names Leak, Accuses the Offshore Company of Money Laundering

Bus - Passengers

Smart Bus Travellers May Have Their Data Stolen, Routes Changed and Onboard Camera Accessed Due to Wi-Fi Security Gaps

Customer Support - Help Desk

Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale

School - Students - Building

Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised

NordVPN Launches Is it down- A User-Based Website Outage Tracker

NordVPN Launches "Is it down?"- A User-Based Website Outage Tracker

Shield - Piracy - Skull - Door

CyberGhost, ExpressVPN, NordVPN, ProtonVPN, Surfshark VPNs Ordered to Block More Pirate Sites

Qilin Ransomware Claims Formacompany & Co. Real Names Leak, Accuses the Offshore Company of Money Laundering

Smart Bus Travellers May Have Their Data Stolen, Routes Changed and Onboard Camera Accessed Due to Wi-Fi Security Gaps

Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale

Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised

NordVPN Launches "Is it down?"- A User-Based Website Outage Tracker

CyberGhost, ExpressVPN, NordVPN, ProtonVPN, Surfshark VPNs Ordered to Block More Pirate Sites

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

Welcome to TechNadu

This website uses cookies to ensure you get the best experience on our website.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: