I am not a super code-literate person so bare with me on this… But. Still please becareful. There appears to be a vulnerability.
Users are posting images like the following:
And inside hidden is JavaScript code that when executed can take cookie information and send it to a URL address.
Among other things. At this time if you see an image please click the icon circled before clicking the link. DO NOT CLICK THE IMAGE. If you see anything suspicious, please report it immediately. It is better a false report than a missed one.
When getting chatgpt to decode the js, it spoke about a URL that went to a website ending in .zip/save in the interests of security I will not be posting it.
It wasn’t solely the image that drew redflags but the js that appears to come before it. There is more to that URL than the file. I won’t be posting the full details here. In a DM I can provide if you would like to see it and analyse it further
Sure, send it my way. If it sufficiently malicious, I’ll maybe have fun dissecting it. You should know that messaging on Lemmy is not secure though.
FYI if you have a Matrix account you can attach it to your Lemmy account in your profile settings on Lemmy. Then people should see an option to send a secure message when they visit your Lemmy profile, by going through Matrix.
Ah yeah, I’ve heard about that! Sadly, I don’t have time to set it up presently. Thanks for the reminder though, I’ll add it to the list.