Exif Smuggling

Hacker News · Jun 9, 2026, 9:06 PM

Exif Smuggling is a proof-of-concept evolution of Cache Smuggling. The attack conceals an executable payload inside a JPG's Exif data, so image caching (such as that of a web browser) can be used to passively download the payload.

The example loader (chrome_poc.ps1) therefore does not need to make any internet requests to fetch the second-stage payload. Instead, it extracts the payload from the Chrome browser's cache.

For full details see: https://malwaretech.com/2025/10/exif-smuggling
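
For defenders, the concealment described above can be checked for on disk or at a proxy by walking a JPEG's metadata segments. The following is an added example, not code from the original project: it flags Exif segments that are unusually large or that contain a Windows PE header. It assumes the payload is stored unencoded as a PE image, and the 16 KiB size limit is an assumed threshold; an encoded payload would trip only the size check. All function names and sample bytes are constructed for illustration.

```python
import struct

EXIF_ID = b"Exif\x00\x00"
SIZE_LIMIT = 16 * 1024  # assumed threshold; tune against your own image corpus

def exif_segments(jpeg):
    """Yield the body of each APP1/Exif segment that precedes the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image
            return
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("malformed segment length")
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body.startswith(EXIF_ID):
            yield body[len(EXIF_ID):]
        pos += 2 + length

def has_pe_image(blob):
    """True if an MZ header's e_lfanew field points at a 'PE\\0\\0' signature."""
    start = blob.find(b"MZ")
    while start != -1:
        if start + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, start + 0x3C)
            if blob[start + e_lfanew:start + e_lfanew + 4] == b"PE\x00\x00":
                return True
        start = blob.find(b"MZ", start + 1)
    return False

def inspect_jpeg(jpeg):
    """Return a list of findings for one JPEG byte string."""
    findings = []
    for exif in exif_segments(jpeg):
        if len(exif) > SIZE_LIMIT:
            findings.append("oversized Exif segment (%d bytes)" % len(exif))
        if has_pe_image(exif):
            findings.append("PE image in Exif segment")
    return findings

# Constructed samples: a minimal Exif block, and one padded around a stub PE header.
def _jpeg(exif_body):
    seg = EXIF_ID + exif_body
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(seg) + 2) + seg + b"\xff\xd9"

_TIFF = b"II*\x00\x08\x00\x00\x00" + b"\x00" * 6
_PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
CLEAN = _jpeg(_TIFF)
SUSPECT = _jpeg(_TIFF + _PE_STUB + b"\x00" * 20000)

if __name__ == "__main__":
    print(inspect_jpeg(CLEAN), inspect_jpeg(SUSPECT))
```

Requiring the `e_lfanew` field to point at a valid `PE` signature keeps the check from firing on the two bytes `MZ` appearing by chance in ordinary metadata.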
