Windows systems infected with QBot malware through SVG files
BleepingComputer reports that Windows machines are being targeted by a new QBot phishing campaign leveraging scalable vector graphics files to facilitate HTML smuggling.
Attackers are using stolen reply-chain emails to lure potential victims into opening an HTML file attachment, which conceals malicious code using an HTML smuggling technique based on a base64-encoded SVG image, according to a Cisco Talos report.
Opening the SVG file triggers the execution of JavaScript code that converts the embedded JS variable "text" into a binary blob, which is later converted to a ZIP archive.
"In this case, the JavaScript smuggled inside of the SVG image contains the entire malicious zip archive, and the malware is then assembled by the JavaScript directly on the end user's device. Because the malware payload is constructed directly on the victim's machine and isn't transmitted over the network, this HTML smuggling technique can bypass detection by security devices designed to filter malicious content in transit," said Cisco Talos.
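A defender-side check for the attachment structure described above, as an added example that is not code from BleepingComputer or Cisco Talos: it decodes base64 SVG images found in an HTML attachment and flags any whose script holds a string literal that decodes to a ZIP archive. It assumes the SVG is embedded as a `data:image/svg+xml;base64,` URI; the function names, finding labels and sample inputs are constructed for illustration.

```python
import base64
import binascii
import re

# Assumption: the SVG is embedded in the HTML attachment as a base64 data: URI.
SVG_DATA_URI = re.compile(r"data:image/svg\+xml;base64,([A-Za-z0-9+/=]+)", re.I)
SCRIPT_BODY = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
# Quoted, base64-looking string literals inside a script body.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")
ZIP_MAGIC = b"PK\x03\x04"  # local file header signature of a ZIP archive

def _b64decode(data):
    """Decode base64 strictly; return None when the text is not valid base64."""
    cleaned = re.sub(r"\s+", "", data)
    cleaned += "=" * (-len(cleaned) % 4)
    try:
        return base64.b64decode(cleaned, validate=True)
    except (binascii.Error, ValueError):
        return None

def scan_html_attachment(html):
    """Return a list of findings for an HTML attachment that embeds SVG images."""
    findings = []
    for match in SVG_DATA_URI.finditer(html):
        svg_bytes = _b64decode(match.group(1))
        if svg_bytes is None:
            continue
        svg = svg_bytes.decode("utf-8", errors="replace")
        scripts = SCRIPT_BODY.findall(svg)
        if not scripts:
            continue  # static image, nothing is assembled on the client
        findings.append("svg-with-script")
        for body in scripts:
            for literal in B64_LITERAL.findall(body):
                decoded = _b64decode(literal)
                if decoded and decoded.startswith(ZIP_MAGIC):
                    findings.append("embedded-zip-in-script")
    return findings

def _attachment(svg):
    """Build a constructed HTML attachment embedding `svg` as a data: URI."""
    b64 = base64.b64encode(svg.encode()).decode()
    return '<html><body><embed src="data:image/svg+xml;base64,%s"></body></html>' % b64

# Constructed samples: the "archive" is only the ZIP signature plus zero filler.
_FAKE_ZIP = base64.b64encode(ZIP_MAGIC + b"\x00" * 16).decode()
_NS = 'xmlns="http://www.w3.org/2000/svg"'
SAMPLE_SUSPICIOUS = _attachment('<svg %s><script>var text = "%s";</script></svg>' % (_NS, _FAKE_ZIP))
SAMPLE_BENIGN = _attachment('<svg %s><circle r="4"/></svg>' % _NS)
```

A scripted SVG is worth flagging on its own at a mail gateway; the ZIP-signature match ties it to the client-side assembly described in the Talos quote.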