Running JavaScript from inside an image? What could possibly go wrong?

Ars Technica is known for its  coverage of technology-related news and analysis, ranging from scientific breakthroughs to the latest gadgets and gaming developments. Readers can learn about emerging technologies, industry trends, and the societal impact of technological advancements through detailed articles and reviews.

Ars Technica

Adult websites are exploiting SVG image files to embed malicious JavaScript code that automatically generates Facebook likes when users click on the images. Unlike traditional image formats, SVG files can contain executable code, making them vulnerable to attacks like cross-site scripting and clickjacking. The malicious code is heavily obfuscated using techniques like JSFuck to avoid detection, allowing these sites to artificially boost their social media engagement through unwitting user interactions.

Adult sites are stashing exploit code inside racy .svg files

How The Callisto Protocol's Team Designed Its Terrifying, Immersive Audio

The serious topic aside, I didn’t expect to ever read about JSFuck in the context of professional use :D Scammy or not.

Shouldn’t it be “FuckJS”? :P

Another reason to not watch that shit ✌️

How is this my first time hearing about JSFuck.

I hope one day porn be banned all over the world.