- Hackers use malicious SVG files to mimic Colombia’s legal system
- Victims download a fake ZIP archive that installs malware via a renamed browser and a DLL
- Over 500 files found; probably spread through phishing, mostly targeting Colombians
Hackers are sharing malicious SVG files that spoof real websites to trick victims into downloading harmful items.
Cybersecurity researchers at VirusTotal discovered the malware after adding SVG support to their AI-driven Code Insight platform.
Scalable Vector Graphics (SVG) files are used to display images that remain sharp at any size. Because they are based on XML, they can contain not only shapes but also scripts and embedded code, and attackers can take advantage of this by hiding malicious JavaScript or links inside an SVG. The file can then trigger drive-by downloads, phishing redirects or script execution when opened in a browser.
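As an added illustration (not VirusTotal's tooling and not from the original report), the following Python sketch shows how a mail gateway or triage script could statically flag the active content described above. The tag list, finding names and both sample documents are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

# Elements that run script or embed foreign (HTML) content inside an SVG.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1]

def scan_svg(svg_text):
    """Return (kind, location) findings for active content in one SVG document."""
    try:
        # For untrusted input at scale, a hardened parser such as defusedxml
        # is the safer choice; the stdlib parser keeps this example offline.
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return [("unparseable", "document")]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(("active-element", tag))
        for name, value in el.attrib.items():
            attr = local(name).lower()
            # Browsers drop tabs and newlines from URLs before parsing the scheme.
            url = "".join(value.split()).lower()
            if attr.startswith("on"):
                findings.append(("event-handler", f"{tag}@{attr}"))
            elif attr in ("href", "src") and (
                url.startswith("javascript:")
                or (url.startswith("data:") and not url.startswith("data:image/"))
            ):
                findings.append(("active-url", f"{tag}@{attr}"))
    return findings

# Constructed samples (not taken from the campaign).
SUSPICIOUS = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script>/* placeholder */</script>
  <a xlink:href="java&#9;script:void(0)"><text>Download</text></a>
  <foreignObject width="100" height="100"/>
</svg>"""
BENIGN = """<svg xmlns="http://www.w3.org/2000/svg">
  <circle cx="5" cy="5" r="4"/><image href="data:image/png;base64,AAAA"/>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, scan_svg(doc))
```

Any finding on an SVG that arrived as an e-mail attachment is a reasonable trigger for quarantine or sandboxing, since ordinary image SVGs rarely need scripts or embedded HTML.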
500+ SVG files
In this campaign, the SVG files, when opened in a browser, rendered a credible-looking site for Colombia’s legal system and also displayed a fake download status. Once the “download” is completed, users are asked to save a password-protected ZIP archive to their computers.
The SVG files are probably shared through phishing messages, faking an e-mail about a court order or something similar.
“The false portal is reproduced exactly as described and simulates an official download process for a government document,” VirusTotal said in its report. “The phishing site includes case numbers, security tokens and visual signals to build trust, all designed in an SVG file.”
The downloaded ZIP archive consistently contained a legitimate executable from the Comodo Dragon web browser, renamed to pass as an official judicial document, a malicious DLL and two encrypted files. If the victim runs the browser, it triggers the DLL and installs additional malware on the system.
VirusTotal said it has now identified more than 500 SVG files that were part of the same campaign but had flown under the radar of antivirus solutions and other endpoint protection platforms.
We don’t know much about the victims, except that they are probably Colombian.
This is not the first time SVG files have been used to carry out phishing attacks. Back in February 2025, experts warned of an increasing number of incidents involving .SVG files in attachments.
Via BleepingComputer



