Utilities, business-to-business service providers, and software-as-a-service vendors have been increasingly targeted with redirect intrusions involving the concealment of malicious JavaScript code within Scalable Vector Graphics image files, Hackread reports.
According to an analysis from the Ontinue Advanced Threat Operations team, attackers have used highly convincing phishing emails purporting to be from trusted sources to deliver the malicious SVG file, which stealthily executes the embedded JavaScript once opened. After decrypting its payload with a static XOR key, the JavaScript uses ordinary built-in browser functions to redirect the victim to malicious sites. Bambenek Consulting's John Bambenek described this use of SVG smuggling as "fresh" because it relies on the complacency of targeted entities. "While this report and research is valuable to enterprises, and the search is valuable for hunt teams, organizations without a security staff or end consumers will remain vulnerable to conventional cybercrime with this technique," Bambenek added.
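The report describes SVG attachments that carry inline JavaScript, XOR-decode a payload with a static key, and then redirect the browser. The Python script below is an added example, not code from the Ontinue or Hackread report, showing how a mail-gateway filter or hunt team could triage SVG attachments for exactly those indicators: inline `<script>` elements, `on*` event-handler attributes, `javascript:` URIs, a `charCodeAt(...) ^` XOR-decode loop, and calls that change `location`. The two embedded SVG samples are constructed fixtures, and the regular expressions are assumptions about how such decode loops are commonly written; heavier obfuscation will evade them, so treat a hit as a reason to quarantine and inspect, not as proof of compromise.

```python
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"

# Heuristic patterns (assumptions, not signatures from the report):
# a byte-wise XOR decode loop and the browser calls used to redirect.
XOR_DECODE_RE = re.compile(r"charCodeAt\s*\([^)]*\)\s*\^")
REDIRECT_RE = re.compile(r"\b(location\s*\.\s*(href|replace|assign)|window\s*\.\s*open)\b")


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return tag.rsplit("}", 1)[-1] if "}" in tag else tag


def scan_svg(svg_text):
    """Return a list of indicator labels found in the SVG (empty = nothing flagged)."""
    findings = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # A file that claims to be SVG but does not parse deserves a look too.
        return [f"parse-error: {exc}"]

    for elem in root.iter():
        name = local_name(elem.tag).lower()

        if name == "script":
            findings.append("inline-script")
            body = elem.text or ""
            if XOR_DECODE_RE.search(body):
                findings.append("xor-decode-loop")
            if REDIRECT_RE.search(body):
                findings.append("redirect-call")
            if elem.get("href") or elem.get(f"{{{XLINK_NS}}}href"):
                findings.append("external-script")

        if name == "foreignobject":
            # <foreignObject> can embed arbitrary HTML inside an image file.
            findings.append("foreign-object")

        for attr, value in elem.attrib.items():
            aname = local_name(attr).lower()
            if aname.startswith("on"):
                findings.append(f"event-handler:{aname}")
            if aname == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("javascript-uri")

    return findings


def is_suspicious(svg_text):
    """True if any script-bearing indicator is present; a plain drawing returns False."""
    return bool(scan_svg(svg_text))


# Constructed fixtures: a harmless drawing and a file shaped like the
# smuggling technique described in the report (placeholder blob, no real payload).
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<circle cx="5" cy="5" r="4"/></svg>'
)

SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script><![CDATA[
    // constructed fixture: XOR-decode a blob with a static key, then redirect
    var blob = "PLACEHOLDER_ENCODED_BLOB";
    var out = "";
    for (var i = 0; i < blob.length; i++) {
      out += String.fromCharCode(blob.charCodeAt(i) ^ 0x2a);
    }
    window.location.href = out;
  ]]></script>
</svg>"""


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, scan_svg(sample))
```

Run against a mail quarantine by reading each `.svg` attachment as text and passing it to `scan_svg`; the returned labels map directly onto the behaviours the article describes and make useful hunt-query fields.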