A JavaScript-based redirect attack is serious because it can force your browser (mobile or desktop) to navigate to any other website without your consent or knowledge. The concern is that your browser can be sent to malicious websites. The attack injects or manipulates the JavaScript code on a valid webpage. Before you know it, the browser on your phone (or even your desktop computer) exposes you to phishing scams, spyware, keyloggers (which record your keystrokes), and Trojans.
Its goal is to get the password you use, which will allow the attackers to reach your banking and financial apps. JavaScript-based redirect attacks are being distributed through Scalable Vector Graphics (SVG) files. These are mostly considered harmless image files, but they can be embedded with script elements designed to redirect mobile and desktop browsers to dangerous websites. The destinations of the redirects are determined by the attackers.

Example of credential phishing, with the name of the company used by the attackers edited out.
According to Ontinue, the emails use domains with weak or nonexistent email authentication. This allows the attackers to send emails to potential victims that appear to have been sent by a trusted brand or person. The email includes "a call to action" that is an attempt to get the recipient to open or preview the image file in a mobile or desktop browser. Once the image is rendered, the SVG quietly executes the embedded JavaScript, and the browser is then redirected without any user interaction.
This campaign stands out for its use of browser-native redirection without the need for user interaction or external downloads. This bridges the gap between traditional phishing and complete malware delivery, making it stealthy and effective.
-What
Watch out for emails that push you to view an image file immediately. If an email looks as if it was sent from a company with which you do business, look for spelling errors or call the company using a phone number that you get online. You cannot rely on all business numbers obtained from Google because some are crowdsourced and open to manipulation by bad actors.
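
Because the redirect described above depends on script carried inside the SVG itself, a mail gateway or analyst can screen SVG attachments for active content before any browser renders them. The following is an added example, not code from this article or from Ontinue; the function name `scan_svg`, the finding labels and both sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can run or embed active content when a browser renders an SVG.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# URL schemes in href / xlink:href that execute script instead of linking.
SCRIPT_URL = re.compile(r"^\s*(javascript\s*:|data\s*:\s*text/html)", re.I)


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1]


def scan_svg(data: bytes):
    """Return a list of findings; an empty list means no active content seen."""
    # Strict policy for mail attachments: refuse DTD/entity declarations before
    # parsing, since an image does not need them and they enable entity tricks.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["dtd-or-entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]  # fail closed: browsers may still render it
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element:{tag}")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.lower().startswith("on"):  # onload, onclick, ...
                findings.append(f"event-handler:{tag}@{attr}")
            elif attr == "href" and SCRIPT_URL.match(value):
                findings.append(f"script-url:{tag}@{attr}")
    return findings


# Constructed samples (not taken from the campaign).
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
REDIRECT = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="go()">'
            b'<script>function go(){window.location.href='
            b'"https://example.invalid/"}</script></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("redirect", REDIRECT)):
        print(label, scan_svg(sample) or "clean")
```

Any non-empty result is a reason to quarantine the attachment or deliver it only as a rasterised preview; a clean result means only that none of these specific markers were found.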