I am not a super code-literate person, so bear with me on this… But still, please be careful. There appears to be a vulnerability.
Users are posting images like the following:
And hidden inside is JavaScript code that, when executed, can take cookie information and send it to a URL address.
Among other things. At this time if you see an image please click the icon circled before clicking the link. DO NOT CLICK THE IMAGE. If you see anything suspicious, please report it immediately. It is better a false report than a missed one.
It uses an onload event using a markdown parser bug to run JS and upload your JWT to a certain website.
That looks like something Imgur is doing then. Which is not surprising at all. If it’s a free service, you’re the product, right?
Honestly the sketchiest thing I found was the use of BTLoader, a self-described ‘adblock revenue recovery service’.
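One comment in this thread attributes the attack to an onload handler that got through the markdown renderer. As an added example (not code from this thread or from the affected software), here is a check a maintainer could run over rendered HTML in a regression test to flag inline event-handler attributes. The sample strings and function names are constructed, and the regexes are a detection heuristic, not a sanitizer.

```javascript
// Added example: flags inline event-handler attributes (onload, onerror, ...)
// in HTML produced by a markdown renderer. All names and inputs are constructed.

// One tag: name, then attributes; quoted values are consumed whole so a '>'
// or 'onload=' inside a quoted value does not confuse the scan.
const TAG_RE = /<([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
// One attribute: name, optionally followed by a quoted or unquoted value.
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/g;

function findInlineHandlers(renderedHtml) {
  const findings = [];
  for (const tag of renderedHtml.matchAll(TAG_RE)) {
    const tagName = tag[1].toLowerCase();
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      const name = attr[1].toLowerCase();
      // Every HTML event-handler content attribute starts with "on".
      if (name.startsWith("on")) findings.push({ tag: tagName, attr: name });
    }
  }
  return findings;
}

// Constructed renderer outputs (hypothetical, for illustration only).
const SAMPLES = {
  // Normal image: nothing to report.
  benign: '<p><img src="https://example.invalid/a.png" alt="cat" /></p>',
  // The text "onload=1" is safely inside the quoted alt value: no finding.
  quotedText: '<img src="https://example.invalid/a.png" alt="onload=1">',
  // An attribute escaped its quotes and became a real handler: must be flagged.
  escaped: '<img src="https://example.invalid/a.png" alt="x" onload="void 0">',
};

function scanSamples() {
  const report = {};
  for (const [label, html] of Object.entries(SAMPLES)) {
    report[label] = findInlineHandlers(html);
  }
  return report;
}

console.log(JSON.stringify(scanSamples(), null, 2));
```

A renderer test suite can assert that this returns an empty list for every user-controlled input; a Content-Security-Policy without `unsafe-inline` and keeping the session token out of script-readable storage limit the impact if one slips through.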