SVG Attack Vector Exploited by Cybercriminals to Phish Users

A new attack vector has been discovered that takes advantage of Scalable Vector Graphics (SVG) files, allowing cybercriminals to bypass traditional security measures and execute malicious JavaScript code on Windows systems. Unlike conventional image formats like JPEG or PNG, SVGs can contain embedded scripts that automatically execute when opened in browsers.

When users open these seemingly harmless image files, they are launched in the default web browser, executing any embedded scripts without user awareness. Attackers have been using spear-phishing emails with deceptive subject lines and innocuous-looking SVG attachments to distribute their malicious payloads.

The malicious SVG samples analyzed contain hidden JavaScript payloads encoded in CDATA sections, which decode into executable code when the file is processed. The decoded payload redirects victims to phishing sites that mimic trusted services like Microsoft 365 or Google Workspace.

Security experts recommend implementing deep content inspection specifically for SVG files and disabling automatic browser rendering of SVGs from untrusted sources. Organizations should also configure email systems to quarantine or strip potentially dangerous file types.
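As an added example (not code from the article or its cited source), the following Python snippet shows what the recommended deep content inspection can look like: it flags the indicators described above (a script element, script content hidden in a CDATA section with an encoded payload, inline event handlers, `javascript:` links) and offers a stripping function for the quarantine-or-strip option. The SVG sample and the base64 placeholder domain are constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (not from the article): a script hidden in a CDATA section
# that decodes a base64 string and redirects to a placeholder domain.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill="#fff"/>
  <script type="text/javascript"><![CDATA[
    var target = atob("aHR0cHM6Ly9leGFtcGxlLmludmFsaWQv");
    window.location = target;
  ]]></script>
</svg>"""
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

B64_RUN = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")  # long base64-looking run

def _local(name: str) -> str:
    """Strip an XML namespace prefix such as {http://www.w3.org/2000/svg}."""
    return name.rsplit("}", 1)[-1]

def inspect_svg(data: str) -> list:
    """Return findings for script indicators; an empty list means none found."""
    findings = []
    for el in ET.fromstring(data).iter():
        if _local(el.tag) == "script":
            findings.append("script element")
            body = el.text or ""  # expat folds CDATA content into .text
            if "atob(" in body or B64_RUN.search(body):
                findings.append("encoded payload inside script")
        for name, value in el.attrib.items():
            # No SVG presentation attribute starts with "on"; only event handlers do.
            if _local(name).lower().startswith("on"):
                findings.append(f"event handler attribute {_local(name)}")
            elif _local(name) == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("javascript: URI in href")
    return findings

def strip_scripts(data: str) -> str:
    """Return the SVG with script elements, on* handlers and javascript: hrefs removed."""
    root = ET.fromstring(data)
    for parent in list(root.iter()):  # snapshot: the tree is modified below
        for child in list(parent):
            if _local(child.tag) == "script":
                parent.remove(child)
        for name in list(parent.attrib):
            val = parent.attrib[name].strip().lower()
            if _local(name).lower().startswith("on") or (
                    _local(name) == "href" and val.startswith("javascript:")):
                del parent.attrib[name]
    return ET.tostring(root, encoding="unicode")
```

The checks are heuristics for a mail or web gateway; a file that trips any of them from an untrusted sender is a candidate for quarantine, and `strip_scripts` is the sanitized alternative when the image itself must still be delivered.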

This attack method represents a growing trend, requiring immediate attention from cybersecurity professionals worldwide. As the threat landscape continues to evolve, it’s essential for IT security teams to educate employees about the risks of opening unfamiliar attachments and monitor network traffic for unusual redirects and script activity.

Source: https://cyberpress.org/svg-malware