Phishing, Email security, Malware

Exploitation of SVG attachments in phishing on the rise

Malware phishing data concept

BleepingComputer reports that more threat actors were discovered by MalwareHunterTeam to have been leveraging Scalable Vector Graphics attachments to facilitate stealthier phishing or malware attacks.

While SVG primarily enables the crafting of images using text, lines, and shapes in code rather than pixels, such files could also be utilized to show HTML and facilitate JavaScript execution in credential-stealing phishing forms, with BleepingComputer noting the discovery of an SVG attachment showing a phony Excel spreadsheet with a login form that allowed data exfiltration. Attackers have also used SVG attachments spoofing official information requests that lure targets into downloading malware, as well as other SVG files with images that redirect to phishing forms. Such a threat, which has not yet been effectively detected by security software, should prompt individuals and organizations to be more vigilant of SVG attachments, with non-developers urged to immediately delete such emails.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds