Threat actors exploit SVG attachments to bypass security tools, delivering phishing forms and malware with alarming effectiveness.
Threat actors are increasingly using scalable vector graphics (SVG) attachments in phishing campaigns to display fake login forms or deploy malware. Unlike standard image formats like JPG or PNG, SVGs are text-based and can contain embedded code, making them harder for security tools to detect. Recent campaigns demonstrate the growing versatility of SVGs in bypassing traditional cybersecurity measures.
SVGs differ from regular image files because they use math-based shapes and text instead of pixels. They can be resized without losing quality, making them great for different screen sizes. However, this also makes it possible for attackers to hide harmful code or phishing forms inside them.
Recent samples shared by security researcher MalwareHunterTeam showcase the use of SVG attachments in phishing campaigns. These files serve various malicious purposes, including:
Security software struggles to detect these files due to their textual nature, as evidenced by low detection rates on platforms like VirusTotal.
BleepingComputer shared past campaigns where SVG attachments were used for malware delivery and concealing malicious scripts. The current trend shows an increase in their use for phishing, indicating that attackers are refining their methods to exploit SVG's unique characteristics.
Researchers warn that receiving SVG attachments in emails is uncommon for legitimate purposes. They recommend treating such files with caution unless they are expected, particularly in contexts involving developers.
The rise in SVG-based attacks indicates the growing need for stronger email security measures. While SVGs offer valuable functionality for legitimate uses, their technical properties also introduce vulnerabilities that traditional security tools may miss. To address these risks, organizations should focus on educating users to recognize suspicious attachments and adopt advanced detection mechanisms to counter emerging threats effectively.
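Because an SVG is XML text, a mail gateway or triage script can parse an attachment and flag anything that is not plain vector drawing. The following is an added example, not code from the article or the researchers it cites; the tag list, finding labels and sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that carry script or HTML rather than vector shapes (assumed list).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object", "form", "input"}
URL_ATTRS = {"href", "src", "action"}

# Constructed sample attachments; example.invalid is a reserved placeholder host.
BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
PHISH_FORM = (
    '<svg xmlns="http://www.w3.org/2000/svg"><foreignObject width="300" height="200">'
    '<form xmlns="http://www.w3.org/1999/xhtml" action="https://login.example.invalid/post">'
    '<input type="password" name="p"/></form></foreignObject></svg>'
)
SCRIPTED = (
    '<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
    '<script>/* constructed placeholder */</script>'
    '<a href="java&#9;script:void(0)"><text>x</text></a></svg>'
)

def local(name):
    """Strip an XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return a sorted list of findings describing active content in an SVG."""
    # Entity declarations enable expansion tricks; report and do not parse.
    if re.search(r"<!ENTITY", text, re.I):
        return ["entity-declaration"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            # Browsers ignore whitespace/control chars inside URL schemes.
            val = re.sub(r"[\x00-\x20]", "", value).lower()
            if name.startswith("on"):
                findings.add(f"event-handler:{name}")
            elif name in URL_ATTRS and val.startswith(("javascript:", "data:text/html")):
                findings.add(f"script-url:{name}")
            elif name in URL_ATTRS and val.startswith(("http://", "https://", "//")):
                findings.add(f"external-url:{name}")
    return sorted(findings)
```

An empty result means only that none of these specific patterns were found; it does not prove the file is safe.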
Scalable vector graphics (SVG) is an XML-based file format used to display vector images. It allows graphics to scale without losing quality, making it ideal for web and digital designs.
Phishing is a cyberattack where scammers trick individuals into providing sensitive information, such as passwords or credit card numbers, by posing as trusted entities.
Malware is malicious software designed to harm, exploit, or take control of devices, networks, or data. Examples include viruses, ransomware, and spyware.
Malicious scripts are harmful code snippets embedded in websites, emails, or files. They execute actions like stealing data, installing malware, or redirecting users to unsafe sites.