Live Roundups Editor's Desk Insights Executive Ops Weather About 🔍
Home Technology Exif Smuggling
Technology

Exif Smuggling

Hacker News Tuesday 09 June 2026, 21:06 UTC By rolph 1 min read
Key Points

A Proof-of-Concept evolution of Cache Smuggling. This attack conceals an executable payload inside a JPG's Exif data. As a result, image caching (such as that of a Web Browser) can be used to passively download the payload.

A Proof-of-Concept evolution of Cache Smuggling. This attack conceals an executable payload inside a JPG's Exif data. As a result, image caching (such as that of a Web Browser) can be used to passively download the payload. As a result, the example loader (chrome_poc.ps1 ) does not need to make any internet requests to fetch the second stage payload. Instead, it simply extracts it from the Chrome browser's cache. For full details see: https://malwaretech.com/2025/10/exif-smuggling python3 build_clickfix_cmd.py --input-file chrome_poc.ps1 --output-file encoded_command.txt --fake-path "C:\test\doc.txt" python3 exif_smuggling.py --input-file image.jpg --output-file payload.jpg --payload hello_world.dll www/index.html
Exif Smuggling A Proof (ORG) chrome_poc.ps1 (ORG) Chrome (ORG) payload.jpg --payload hello_world.dll (ORG)
Originally published by Hacker News Read original →

Related Stories

Google's latest DiffusionGemma open AI model comes with a 4x speed boost

Ars Technica 10m ago

Five men jailed for causing violent disorder at Henry Nowak protest

Five men jailed for causing violent disorder at Henry Nowak protest Five men have been jailed for violent disorder after taking part in a riot in Southampton following the murder of Henry Nowak during which police were surrounded by a “baying mob throwing projectiles”. Father-of-two Daniel Frost, 44, from Southampton, was sentenced to two years and four months in prison for violent disorder and possessing an offensive weapon – a dog lead with a metal carabiner which he had fashioned into a...

Daily Mirror 33m ago

Amazon's 'Story So Far' feature is finally rolling out to Kindles

So Far' feature is finally rolling out to Kindles It's also headed to the Kindle app on iOS, but sadly not the Android version just yet. We may receive a commission on purchases made from links. Way back in September, Amazon announced a feature for Kindles designed to help you catch up on a book in case you've lost the plot or simply took a prolonged break.

Engadget 38m ago

'Voltron: Legendary Defender' turns 10 today, and we think this mecha robot reboot was just as good as 'Power Rangers' and 'Transformers'

'Voltron: Legendary Defender' turns 10 today, and we think this mecha robot reboot was just as good as 'Power Rangers' and 'Transformers' Voltron may sound like an ointment for back pain, but the reboot Legendary Defender demonstrates that there's more to the big stompy robots concept than meets the eye. Reboot is a dirty word when it comes to TV. Very rarely does a remade show receive its due.

Space.com 39m ago