Cybercriminals are increasingly using Scalable Vector Graphics (SVG) files to spread phishing emails or malware and evade detection.
SVG files utilise vector-based graphics, unlike the more popular JPG or PNG images found online, which consist of grids of small squares called pixels. Each pixel in a JPG or PNG image has a unique colour value, and these pixels work together to create the entire picture.
SVG generates pictures using mathematical formulas rather than pixels. These formulas define lines, shapes, and text in the code, allowing graphics to scale precisely to any size.
Unlike traditional image formats, SVGs maintain their clear quality whether displayed on a small mobile screen or a large desktop monitor.
Cybercriminals have found a risky new method for stealing login information by taking advantage of SVG images. When opened, these seemingly harmless image attachments can covertly execute HTML and JavaScript code to show realistic-looking fake login forms.
Scammers use this technique to bypass automated detection systems on computers and phones. It also aims to trick users into clicking malicious links or filling out forms that steal personal or financial information before they notice the risk.
Excel Phishing Using SVG: A Stealthy Evasion Technique
SVG files are becoming increasingly popular weapons in phishing attacks, reports security researcher MalwareHunterTeam. Although their malicious use is not new, having appeared in earlier Qbot malware attacks, hackers are coming up with new ways to take advantage of these adaptable
SVG files can show images, include HTML with the <foreignObject> tag, and run JavaScript upon loading. This allows attackers to generate SVG-based phishing forms that harvest passwords.
For instance, VirusTotal recently analysed an SVG file that imitated an Excel spreadsheet with an embedded login form. Upon submission, the form directly exposed credentials to attackers.
SVG attachments have been used in recent attempts to trick users into clicking a download button by posing as official documents or information requests. Clicking the button installs malware from a remote site. Additionally, certain attempts include JavaScript in SVG files, which, when viewed, redirects browsers to phishing websites.
SVG files are particularly problematic because they are textual representations of images, making them more challenging for security systems to identify effectively. VirusTotal’s analysis shows that such files are rarely flagged by security systems, with only one or two detections reported.
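Because an SVG is XML text, a mail or upload filter can parse it and look for the active content described above instead of relying on signatures. The following is an added example, not code from the article or from any vendor mentioned in it; the function names, the tag and attribute lists, and both sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real lure): an image with an HTML form, script and handler.
SAMPLE_ACTIVE = """<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">
  <rect width="400" height="300" fill="#eee"/>
  <foreignObject width="400" height="300">
    <form xmlns="http://www.w3.org/1999/xhtml"><input type="password" name="p"/></form>
  </foreignObject>
  <script>/* placeholder */</script>
</svg>"""
# Constructed sample: a purely static drawing.
SAMPLE_STATIC = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'

# Elements that have no place in a static image (assumed list, extend as needed).
ACTIVE_TAGS = {"script", "foreignobject", "form", "input", "iframe", "embed", "object"}
URL_ATTRS = {"href", "action", "src"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return a sorted list of active-content findings for one SVG document."""
    # Entity declarations can hide markup or expand without bound: flag, do not parse.
    if "<!ENTITY" in text.upper():
        return ["entity-declaration"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["unparseable"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add("element:" + tag)
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):          # onload, onclick, ...
                findings.add("handler:" + attr)
            target = value.strip().lower()
            if attr in URL_ATTRS and target.startswith(("javascript:", "data:text/html")):
                findings.add("scripted-url:" + attr)
    return sorted(findings)

if __name__ == "__main__":
    print(scan_svg(SAMPLE_ACTIVE))
    print(scan_svg(SAMPLE_STATIC))
```

A non-empty result on an e-mail attachment is a reasonable trigger for quarantine, since a static picture needs none of these elements.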
As the holiday season approaches, scammers are scaling up their operations. Security experts have issued multiple warnings about an increase in fake websites and modified search results that are intended to trick unsuspecting consumers.
UK law enforcement agencies have encouraged consumers to remain vigilant against scams that pressure individuals into making hasty decisions. Scammers frequently employ tactics such as limited-time offers or claims of exclusive availability to create a false sense of urgency.
One recent incident is the Winter Fuel Payment Text Scam, which allegedly targets UK retirees in the winter. Scammers are taking advantage of the festive season to mislead victims into revealing personal information or money.
Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks.
Although technology can be helpful, it cannot spot 100% of phishing emails. Therefore, user education is important to minimising the impact of any successful attacks. Consulting with Phishing Tackle can provide valuable insights and tools to help you strengthen your defences against phishing attacks.