software

Exif Smuggling (2025)

Published: (June 9, 2026 at 05:06 PM EDT)
1 min read
Source: Hacker News

Source: Hacker News

A Proof-of-Concept evolution of Cache Smuggling. This attack conceals an executable payload inside a JPG’s Exif data. As a result, image caching (such as that of a Web Browser) can be used to passively download the payload.

As a result, the example loader (chrome_poc.ps1) does not need to make any internet requests to fetch the second stage payload. Instead, it simply extracts it from the Chrome browser’s cache.

For full details see: https://malwaretech.com/2025/10/exif-smuggling

Example Usage

Convert PowerShell Loader to ClickFix Command

python3 build_clickfix_cmd.py --input-file chrome_poc.ps1 --output-file encoded_command.txt --fake-path "C:\test\doc.txt"

Embed payload dll inside arbitrary JPG

python3 exif_smuggling.py --input-file image.jpg --output-file payload.jpg --payload hello_world.dll

Example Phishing page

www/index.html

0 views
#software #programming #tech-trends
View source
Share:
Back to Blog

Related posts

Read more »

Cosmodial Sky Atlas

Article URL: https://killedbyapixel.github.io/Cosmodial/ Comments URL: https://news.ycombinator.com/item?id=48507571 Points: 15 Comments: 1...

I Am Not a Reverse Centaur

About a year ago I wrote on this blog about how coding with LLMs would not work for mehttps://blog.miguelgrinberg.com/post/why-generative-ai-coding-tools-and-ag...

'Don't You Just Upload It to ChatGPT?'

Article views: 10,114 In my Ottawa lifehttps://correresmidestino.com/tag/ottawa/, every Tuesday evening, I take two gym classeshttps://correresmidestino.com/im-...