Hackers Exploit SVG Files For Stealthier Phishing Attacks

Hackers exploit SVG files in phishing emails, embedding fake forms or malware links. These files evade detection by security software, making rare SVG attachments suspicious and potentially dangerous.

According to a report by BleepingComputer (BC), MalwareHunterTeam has identified additional threat actors exploiting Scalable Vector Graphics (SVG) attachments to carry out more covert phishing or malware attacks.

The cybersecurity researchers have identified a growing trend among hackers exploiting SVG files to bypass security systems and conduct phishing attacks. These files, which often appear harmless, are being used to deliver malware or trick users into sharing sensitive information, says BC.

BC explains that SVG files differ from typical image formats like JPG or PNG, which use pixels to create images. Instead, SVG files rely on lines, shapes, and text described through code. This allows them to resize without losing quality, making them widely used in web applications.

However, the same qualities that make SVG files versatile also make them attractive to cybercriminals, as noted by BC.

Hackers are embedding SVG files in phishing emails to launch attacks in creative and deceptive ways. Security researcher MalwareHunterTeam, who analyzed recent campaigns, found that some SVG files include phishing forms that mimic legitimate login pages, as reported by BC.

For example, one instance displayed a fake Excel spreadsheet with a login form. When users entered their credentials, the information was sent directly to the attackers.

BC explains that other SVG files are disguised as official documents or forms, encouraging users to click on links that lead to malware downloads. In some cases, opening the SVG file triggers embedded JavaScript, which redirects the user’s browser to a phishing website designed to steal personal information.

These tactics are effective partly because SVG files often evade detection by security software. Since they primarily consist of code representing an image, they can appear harmless to antivirus tools.

According to samples analyzed by BleepingComputer, most SVG attachments flagged as malicious were detected by only one or two security systems.

While receiving an SVG attachment in an email is uncommon for most users, it’s important to exercise caution. Unless you are expecting such a file from a trusted source, such as a developer or designer, it’s best to delete any email containing an SVG attachment.

Remaining vigilant and skeptical of unfamiliar attachments can help protect against these increasingly sophisticated phishing techniques. As attackers continue to refine their methods, staying informed and cautious is critical to avoiding potential threats.