Porn sites are hiding code in .svg files: > Unpacking the attack took work because much of the JavaScript in the .svg > images was heavily obscured using a custom version of “JSFuck,” a technique > that uses only a handful of character types to encode JavaScript into a > camouflaged wall of text. > > Once decoded, the script causes the browser to download a chain of additional > obfuscated JavaScript. The final payload, a known malicious script called > Trojan.JS.Likejack, induces the browser to like a specified Facebook post as > long as a user has their account open...