
A Cryptocurrency Miner Hidden in a Favicon.ico - iamkeyur
https://twitter.com/xbs/status/963796410100604929
======
gkya
Preferably there would be some explanation and example code that demonstrates
this. A handful of words and two screenshots don't tell much. If favicon.ico
files can be interpreted as HTML files, that means that they can probably be
anything random, and as they are often cached and even saved somewhere to be
shown besides bookmarks, that seems to be a dangerous thing (not that I know
much about security but still, why not just whitelist a couple widely-used
formats?).

