Phishing emails increasingly use SVG attachments to evade detection

November 17, 2024 at 11:37AM

Threat actors are increasingly using Scalable Vector Graphics (SVG) files for phishing and malware distribution due to their ability to evade detection. Unlike traditional image formats, SVGs use code to create images and can embed JavaScript, allowing attackers to hide malicious content. Users should treat unexpected SVG attachments as suspicious.

### Meeting Takeaways:

1. **Increased Threat from SVG Attachments**:
   - Threat actors are increasingly using Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection.

2. **Understanding SVG**:
   - Unlike standard image formats (JPG, PNG), which are made of pixels, SVG images are vector-based: lines, shapes, and text are described by mathematical formulas in the file's code, so they can be resized without loss of quality.

3. **Use in Phishing Campaigns**:
   - SVG attachments have previously been reported in Qbot malware campaigns and are now more commonly employed in phishing attacks.
   - They can both display graphics and execute JavaScript, which puts user credentials at risk through phishing forms embedded in SVG files.

4. **Recent Campaigns and Strategies**:
   - Recent samples show SVGs masquerading as official documents and prompting users to download malware.
   - Some SVGs automatically redirect users to malicious sites when opened.

5. **Low Detection Rates**:
   - These SVG files are often not detected by security software, with few detections reported on platforms like VirusTotal, which contributes to their use in attacks.

6. **Caution Recommended**:
   - SVG attachments are not common in legitimate emails. Treat any you receive with suspicion and consider deleting them unless they come from a trusted source and you have reason to expect such files, for example as a developer.
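Because an SVG is XML rather than pixels, a mail gateway or analyst can parse an attachment and flag the active content described above. The following is an added example, not code from the original article: the function name `scan_svg`, the finding labels, and both sample files are constructed for illustration. A finding means the file carries script or embedded HTML, which a plain image does not need; it is a triage signal, not proof of malice.

```python
import re
import xml.etree.ElementTree as ET

HTML_TAGS = {"form", "input", "iframe"}  # HTML elements a plain image has no use for

def local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree adds and lowercase the rest."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> list[str]:
    """Return sorted finding labels for active content in an SVG attachment."""
    if b"<!ENTITY" in data:           # refuse to expand sender-defined entities
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings.add("script-element")
        elif tag == "foreignobject":  # container for embedded HTML such as forms
            findings.add("foreign-object")
        elif tag in HTML_TAGS:
            findings.add("html-" + tag)
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.add("event-handler-attribute")
            elif name == "href" and re.match(r"\s*javascript:", value, re.I):
                findings.add("javascript-uri")
    return sorted(findings)

# Constructed samples (no real payload): a plain image and one with active content.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
SUSPICIOUS = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="placeholder()">
  <script>/* constructed placeholder */</script>
  <foreignObject width="300" height="200">
    <form xmlns="http://www.w3.org/1999/xhtml"><input type="password"/></form>
  </foreignObject>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_svg(sample))
```

The entity check is a byte match and assumes an ASCII-compatible encoding such as UTF-8.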
