More and more websites are now using age verification checks. This is especially true for adult content sites. While the goal is to protect young users, it has created a new problem. Many people are moving to smaller, less regulated sites to avoid these checks. Security experts warn that this shift is dangerous. Smaller sites often lack proper safety measures. Cybercriminals are taking advantage of this trend. They are hiding malicious code inside a type of image file called an SVG. Now, new study shoes that cybercriminials are using these SVG images in fake Facebook posts to spread malware.

Why SVG Files Are Risky

SVG stands for Scalable Vector Graphics. Unlike normal image formats like JPG or PNG, SVG files are written in XML. This means they can include HTML and JavaScript, the same coding languages used to build websites. Attackers use this feature to hide harmful scripts inside what looks like a simple picture.

Because most users think SVGs are just images, they don’t expect them to be dangerous. This false sense of safety makes it easier for malware to spread.

How the Scam Works

Researchers at Malwarebytes discovered a disturbing trend. Adult-themed blog posts are being shared on Facebook. Some of these posts promote fake or AI-generated celebrity content. When users click the link, they are taken to a page where they might be asked to download an SVG image.

Opening or interacting with this SVG triggers hidden JavaScript code inside the file. The code is heavily disguised using a method called obfuscation. This makes it difficult for antivirus tools to detect it.

Once active, the script downloads more malicious code from linked sites. This eventually installs malware called Trojan.JS.Likejack.

What the Malware Does

Trojan.JS.Likejack has a sneaky purpose. If the victim is logged into Facebook, it forces their browser to “Like” certain posts or pages without their consent. These automatic likes make the posts more popular on Facebook’s algorithm. As a result, they get more visibility and attract more clicks.

This method helps scammers promote their adult content without spending money on ads. The more likes a post gets, the more it spreads.

Why This Scam Works

Malwarebytes found that many of the websites involved run on WordPress. They are interconnected and work together to push the same scam. By generating hundreds or thousands of fake likes, they trick Facebook into thinking the content is trending.

Facebook tries to remove these fake accounts. However, scammers simply create new ones. The anonymous nature of the internet makes it hard to stop them completely.

How to Stay Safe

Experts recommend never downloading image files from untrusted sources, especially SVGs. Be cautious with adult-themed links on social media. Even if a file looks harmless, it may hide dangerous code. Always keep your browser, antivirus, and operating system updated to reduce risks.

As age checks become more common online, cybercriminals will look for new ways to exploit user behavior. Awareness is the first step to staying safe.