In a new and concerning development, security researchers at VirusTotal have identified a sophisticated phishing campaign that uses Scalable Vector Graphics (SVG) files to deliver malware. This method is particularly deceptive because SVG files, a common format for web images and icons, are often perceived as harmless and are not typically flagged by standard security filters. The discovery highlights a significant and evolving threat landscape where attackers are using creative new ways to bypass existing cyber defenses.
The campaign, which has been dubbed “SVGPhish,” leverages a little-known capability of the SVG format to execute JavaScript code. Attackers embed malicious code within the SVG file itself, which can then be triggered when the file is opened in a web browser. The code is designed to redirect users to a phishing page that mimics legitimate services, such as cloud storage providers or social media platforms. By the time a user realizes they’ve been redirected, their credentials may have already been stolen.
What makes this method so effective is its ability to bypass email and antivirus scanners. Many security tools do not scrutinize SVG files for executable code, treating them simply as image files. This allows the phishing emails to land directly in a user’s inbox, creating a high-trust environment where the user is more likely to click on the malicious attachment.
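The kind of inspection such scanners skip, shown as an added example (not code from VirusTotal or from this article): it walks an SVG attachment's markup and reports constructs that can run script. The rule set, the function and class names, and both sample files are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that can run script or embed foreign (HTML) content inside an SVG.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "xlink:href", "src"}
SCRIPT_SCHEMES = ("javascript:", "data:text/html")


class SvgActiveContentScanner(HTMLParser):
    """Tolerant tag scanner: copes with malformed markup, lowercases tag and
    attribute names, and decodes character references in attribute values."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-element", tag))
        for name, value in attrs:
            # Drop whitespace/control characters so "java\nscript:" still matches.
            compact = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):  # onload, onclick, ...
                self.findings.append(("event-handler", name))
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append(("script-url", name))


def scan_svg(data: bytes) -> list:
    """Return (kind, name) findings; an empty list means none of the checks fired."""
    scanner = SvgActiveContentScanner()
    scanner.feed(data.decode("utf-8", errors="replace"))
    scanner.close()
    return scanner.findings


# Constructed samples: a static image, and one with inert placeholder script.
BENIGN_SVG = b'''<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <a href="https://example.com/"><circle cx="5" cy="5" r="4"/></a>
</svg>'''
SUSPICIOUS_SVG = b'''<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">
  <script type="text/javascript"><![CDATA[ /* placeholder body */ ]]></script>
  <a xlink:href="java&#115;cript:void 0"><text>Open document</text></a>
</svg>'''

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, scan_svg(sample))
```

A mail gateway could quarantine or rasterize any SVG attachment for which `scan_svg` returns findings, since a static image needs none of these constructs.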
Security experts are urging both organizations and individual users to be vigilant. They recommend being cautious of any unexpected attachments, even those from trusted senders, and always verifying the URL of a login page before entering credentials. This incident serves as a crucial reminder that cyber threats are constantly adapting. The use of a seemingly benign file format like SVG for malware delivery underscores the need for a multi-layered security approach and continuous user education.