Clickjack Trojan Campaign Exploits Facebook Users to Promote Adult Websites 

Written by: Lore Apostol, Cybersecurity Writer

A clickjack Trojan campaign targets Facebook users to advertise adult websites. The operation uses malicious SVG files to make unsuspecting visitors 'like' Facebook posts, primarily ones promoting explicit content, without their knowledge.

Trojan Mechanism Explored  

A recent Malwarebytes investigation found that the campaign operates via deceptive links on adult-themed websites, often hosted on blogspot.com domains.

Visitors to these sites may encounter Scalable Vector Graphics (SVG) files that appear harmless but carry embedded, obfuscated JavaScript code. In some cases the files are downloaded.

Some posts pointed to adult websites hosted on Blogspot[.]com and were linked to other similar sites | Source: Malwarebytes

Once downloaded, the SVG file executes additional malicious scripts from the domain crhammerstein[.]de, which was blocked by Malwarebytes. 

JSFuck obfuscation, a JavaScript encoding method limited to six characters, is employed to conceal the script’s intentions. Combined with hybrid techniques, this significantly complicates detection and analysis.  

SVG files are written in XML, which allows them to contain HTML and JavaScript code | Source: Malwarebytes
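
A defender can triage SVG files for the traits described above (embedded script and long runs of the six JSFuck characters) before they reach users. The scanner below is an added example, not code from Malwarebytes or the campaign; the finding labels, the 100-character threshold and the sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted files in production, prefer defusedxml

def _local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data, min_run=100):
    """Return sorted findings for one SVG document; an empty list means nothing was flagged."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]
    # JSFuck is limited to the six characters [ ] ( ) ! +. Hybrid obfuscation mixes
    # it with ordinary JavaScript, so search for long runs instead of a full match.
    run = re.compile(r"[\[\]()!+]{%d,}" % min_run)
    findings = set()
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "script":
            findings.add("script-element")
            if run.search(el.text or ""):
                findings.add("jsfuck-like-run")
        elif tag == "foreignobject":
            findings.add("embedded-html")
        for name, value in el.attrib.items():
            attr = _local(name)
            if attr.startswith("on"):          # onload, onclick, ...
                findings.add("event-handler:" + attr)
                if run.search(value):
                    findings.add("jsfuck-like-run")
            elif attr == "href" and tag == "script":
                findings.add("external-script")
            elif attr == "href" and value.strip().lower().startswith("javascript:"):
                findings.add("javascript-url")
    return sorted(findings)

# Constructed samples, not taken from the campaign.
JSFUCK_FRAGMENT = "[][(![]+[])[+[]]]" * 20   # inert fragment built from the six characters
SUSPICIOUS_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
                  "<script>var a=" + JSFUCK_FRAGMENT + "</script></svg>")
CLEAN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

if __name__ == "__main__":
    print(scan_svg(SUSPICIOUS_SVG))
    print(scan_svg(CLEAN_SVG))
```

Any finding is a reason to quarantine or sanitize the file, since a static image has no need for script; the run-length check only adds confidence that the script is deliberately obfuscated.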

The Trojan, identified by researchers as Trojan.JS.Likejack, carries out unauthorized 'likes' on Facebook posts tied to the campaign's content.

For this exploit to succeed, users need to be logged into their accounts. The higher engagement these fraudulent likes generate increases the visibility of the posts, driving traffic and deepening the campaign’s reach.

Protecting Against Clickjack Trojans  

This Trojan campaign poses significant cybersecurity threats, including privacy risks and potential financial exploitation.  To mitigate risks, experts recommend avoiding dubious links, disabling automatic downloads in web browsers, and employing real-time malware protection tools. 

By staying vigilant and using robust cybersecurity solutions, users can defend against evolving threats like the clickjack Trojan, which continue to exploit digital platforms for malicious gain. 

In January, TechNadu reported on a novel ‘DoubleClickjacking’ attack aimed at website compromise and account takeover.

