Exif Smuggling

Hacker News Top Tools

Summary

Exif Smuggling is a proof-of-concept attack that hides an executable payload inside a JPG's Exif data, enabling passive download via browser image caching without additional network requests.


Cached at: 06/10/26, 12:22 AM

signalblur/exifsmugglingpoc

Source: https://github.com/signalblur/exifsmugglingpoc

Exif Smuggling

A Proof-of-Concept evolution of Cache Smuggling. This attack conceals an executable payload inside a JPG’s Exif data. As a result, image caching (such as that of a Web Browser) can be used to passively download the payload.

The example loader (chrome_poc.ps1) therefore does not need to make any internet requests to fetch the second-stage payload; it simply extracts it from the Chrome browser’s cache.

For full details see: https://malwaretech.com/2025/10/exif-smuggling

Example Usage

Convert PowerShell Loader to ClickFix Command

python3 build_clickfix_cmd.py --input-file chrome_poc.ps1 --output-file encoded_command.txt --fake-path "C:\test\doc.txt"

Embed payload dll inside arbitrary JPG

python3 exif_smuggling.py --input-file image.jpg --output-file payload.jpg --payload hello_world.dll

Example Phishing page

www/index.html

Similar Articles

Microsoft Copilot Cowork Exfiltrates Files

Simon Willison's Blog

A security vulnerability in Microsoft Copilot Cowork allows attackers to exfiltrate files by exploiting prompt injection that triggers external image requests, potentially leaking pre-authenticated download links.

Config Files That Run Code: Supply Chain Security Blindspot

Hacker News Top

Config files for IDEs, AI coding agents, and package managers can execute code automatically, creating a supply chain security blindspot. The article details the Miasma worm attack that uses such config files to drop malware, and provides examples of injection vectors.

Arbitrary code execution in objdump -g

Lobsters Hottest

A security vulnerability in objdump -g allows arbitrary code execution via a crafted FR30 object file due to a missing bounds check in the FR30 relocation handler, with a single-shot exploit that defeats ASLR and other mitigations.

A hash proves the bytes, not the source

Lobsters Hottest

Collider 1.3.0 adds path traversal protection for repository indices and strips bearer tokens on cross-origin redirects to prevent security vulnerabilities.