The sudden surge of SVG attachments in phishing emails across various campaigns is becoming a concern for multiple organisations.
Based on reports, threat actors increasingly adopt Scalable Vector Graphics (SVG) attachments to display phishing forms or distribute malware without alerting security solutions or anti-phishing mechanisms.
Most photos on the web are JPG or PNG files, which are made up of grids of tiny squares known as pixels. Each pixel has a distinct colour value; when combined, these pixels comprise the full image. SVG works differently: it builds graphics from lines, shapes, and text that are expressed as textual mathematical formulas in the file's code rather than as pixels.
These vector pictures resize automatically without compromising image quality or shape, making them a potent disguise for threat actors’ malicious code.
SVG attachments have gained traction among cybercriminals after their appearance in Qbot malware operations.
Researchers noted that SVG attachments are not a novel technique in phishing operations, but their contribution to the Qbot malware attacks has proved that they can be a substantial tactic for other threat actors.
Recent reports revealed that threat actors increasingly employ SVG files in phishing attempts. This strategy has proved potent because it enables threat actors to build SVG attachments that both display images and contain phishing forms to steal credentials.
An SVG attachment in one of the recent campaigns presents a false Excel spreadsheet with a built-in login form that, when filled out, transfers the data to the threat actors. Other SVG attachments pose as official documents or requests for more information, leading phishing email recipients to click the download button, which then downloads malware from a remote site.
Other operations use SVG files with integrated JavaScript to automatically redirect browsers to sites that hold phishing forms when a user opens the picture. The researchers explained that the threat from this tactic lies in the files being representations of images, which security software solutions seldom detect.
Therefore, anti-phishing solutions need an update that addresses this technique, both to curb the increasing infection rate and to discourage threat actors from adopting it. Users who receive emails with attached SVG files should consider them suspicious, especially unsolicited ones, since the tactic is prevalent among cybercriminals.
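
A mail-gateway check for the traits described above (embedded JavaScript, login forms inside the image, links to remote sites) can be sketched as follows. This is an added example, not code from the researchers or from any product; the function names, finding labels and sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> list[str]:
    """Return sorted reasons why an SVG attachment should be held for review."""
    if b"<!ENTITY" in data:
        return ["entity-declaration"]      # skip parsing when entities are declared
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings.add("script-element")         # embedded JavaScript
        elif tag == "foreignobject":
            findings.add("foreignobject-html")     # HTML rendered inside the image
        elif tag in ("form", "input"):
            findings.add("html-form")              # credential-style form fields
        for attr, value in el.attrib.items():
            attr, value = local(attr), value.strip().lower()
            if attr.startswith("on"):
                findings.add("event-handler")      # onload=, onclick=, ...
            elif attr in ("href", "action"):
                if value.startswith("javascript:"):
                    findings.add("javascript-uri")
                elif value.startswith(("http://", "https://", "//")):
                    findings.add("remote-link")    # download or form target off-host
    return sorted(findings)

# Constructed samples (not taken from any real campaign); hosts are placeholders.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
LURE = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="start()">
  <foreignObject width="400" height="200">
    <form xmlns="http://www.w3.org/1999/xhtml" action="https://collector.example.invalid/">
      <input name="password" type="password"/>
    </form>
  </foreignObject>
  <a href="https://files.example.invalid/doc"><text>Download</text></a>
  <script>/* placeholder body */</script>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("lure", LURE)):
        print(label, scan_svg(sample))
```

A plain drawing returns an empty list, while any finding is a reason to quarantine the attachment or strip it before delivery. The `remote-link` finding on its own is only a signal, since legitimate SVG files can also contain hyperlinks.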