Exploitation of SVG attachments in phishing on the rise

18 November 2024

While SVG primarily enables the crafting of images using text, lines, and shapes in code rather than pixels, such files could also be utilized to show HTML and facilitate JavaScript execution in credential-stealing phishing forms, with BleepingComputer noting the discovery of an SVG attachment showing a phony Excel spreadsheet with a login form that allowed data exfiltration. Attackers have also used SVG attachments spoofing official information requests that lure targets into downloading malware, as well as other SVG files with images that redirect to phishing forms.

Source: SC Magazine

Date:

18 November 2024

Categorie(s):

NEWS

Tag(s):

Exploitation, IT, Malware, News, SVG

Swiss Cyber Agency Warns of QR Code Malware in Mail Scam18 November 2024
‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise18 November 2024
QuickBooks popup scam still being delivered via Google ads18 November 2024
Sweden’s ‘Doomsday Prep for Dummies’ guide hits mailboxes today18 November 2024
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)18 November 2024