[jklmnn] drew inspiration from the work of [Ange Albertini] who has documented a way to hide Javascript within the header of a .gif file. Not only does it carry the complete code but both image ...

The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward. The malicious code is hidden in a BMP type of picture and it is heavily obfuscated.

Those technically inclined can run the code locally ... Include any extra CSS and JavaScript in the html file. If you have any images, load them from Unsplash or use solid colored rectangles.