Watch out for SVG files booby-trapped with malware

With malware, what you see is not always what you get. A file that looks like a harmless image can carry working code, and SVG files in particular are becoming a popular vehicle for delivering stealthy malware.

Let’s dive into a recent malware campaign in Latin America that shows how cybercriminals keep evolving their tactics. The campaign relies on social engineering: emails posing as urgent messages from trusted sources, designed to get recipients to open the attachment or click the link without a second thought.

The end goal of this campaign is to install AsyncRAT, a remote access trojan that gives attackers control over compromised devices. What sets this campaign apart is the use of oversized SVG files that carry the entire first stage of the infection inside the file itself, so the initial stage runs without first fetching anything from an external server. (Once installed, the RAT still has to talk to the attackers’ server; that is what makes it remote access.)

Why SVG files?

SVG (Scalable Vector Graphics) is an XML text format for describing text, shapes, and graphics, which makes it lightweight and versatile. That same flexibility is what attackers exploit: the format allows <script> elements, event-handler attributes such as onload, hyperlinks, and even embedded HTML via <foreignObject>. An SVG opened directly in a browser, which is typically what happens when a user double-clicks an .svg attachment on Windows, executes any script it contains, whereas the same file displayed through an <img> tag does not. Because the file looks like an image to users and to many filters, it is a convenient vehicle for delivering malware while evading detection.

The campaign in question targets Colombia, with victims receiving SVG attachments disguised as important court documents. When opened, these files initiate a series of steps that ultimately lead to the installation of malicious payloads.

One such SVG file, detected by ESET products as JS/TrojanDropper.Agent.PSJ, kicks off a chain that ends with the download of a password-protected ZIP archive containing the malware. The password keeps the archive’s contents opaque to scanners that inspect it in transit.

What’s inside the SVG?

Each victim receives a unique SVG file padded with randomized data, so no two samples share a hash or a stable byte pattern for signatures to match. The actual payload is embedded within the SVG’s XML and is only assembled dynamically by script when the file is opened, which complicates static inspection by security tools.
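The two sections above (what SVG can carry, and how this campaign hides its payload in the XML) describe exactly the indicators a mail gateway or analyst can look for statically: script elements, event-handler attributes, javascript: or data: links, embedded HTML containers, and unusually large files or text blobs. The script below is an added illustration, not ESET’s detection logic or a sample from the campaign; the thresholds and the two sample SVG files are constructed for this example.

```python
"""Static triage of an SVG attachment for the indicators discussed above (added example)."""
import xml.etree.ElementTree as ET

# Thresholds are assumptions picked for illustration, not figures from the campaign analysis.
SIZE_WARN_BYTES = 200 * 1024   # an icon or logo has no business being this large
BLOB_WARN_CHARS = 2048         # one attribute or text node this long is data, not artwork

# Elements that can carry executable or embedded content in an SVG/HTML context.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}


def _local(name: str) -> str:
    """Strip an XML namespace prefix, e.g. '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]


def triage_svg(data: bytes) -> dict:
    """Return {'size', 'findings', 'verdict'} for the raw bytes of one SVG file.

    NOTE: xml.etree does not defend against entity-expansion attacks; for untrusted
    input in production, parse with defusedxml instead.
    """
    findings = []
    size = len(data)
    if size > SIZE_WARN_BYTES:
        findings.append(f"oversized file: {size} bytes")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # A file that claims to be SVG but is not well-formed XML deserves a look on its own.
        return {"size": size, "findings": [f"not well-formed XML: {exc}"], "verdict": "suspicious"}
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")

    for el in root.iter():
        if not isinstance(el.tag, str):   # skip comments / processing instructions
            continue
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active content: <{tag}>")
        for attr, value in el.attrib.items():
            aname = _local(attr)              # handles xlink:href as well as plain href
            lowered = value.strip().lower()
            if aname.startswith("on"):        # onload=, onclick=, onmouseover=, ...
                findings.append(f"event handler {aname}= on <{tag}>")
            if aname == "href" and lowered.startswith(("javascript:", "data:")):
                findings.append(f"{lowered.split(':', 1)[0]}: URI in href on <{tag}>")
            if len(value) > BLOB_WARN_CHARS:
                findings.append(f"{len(value)}-char blob in {aname}= on <{tag}>")
        text = (el.text or "").strip()
        if tag != "script" and len(text) > BLOB_WARN_CHARS:
            findings.append(f"{len(text)}-char text blob inside <{tag}>")

    # Anything that can execute is 'suspicious'; size/blob oddities alone are 'review'.
    active = any(f.startswith(("active content", "event handler")) or " URI in href" in f
                 for f in findings)
    verdict = "suspicious" if active else ("review" if findings else "clean")
    return {"size": size, "findings": findings, "verdict": verdict}


# Constructed samples for this example (not files from the campaign).
BENIGN_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 64 64">
  <title>constructed benign icon</title>
  <circle cx="32" cy="32" r="28" fill="#2a7ae2"/>
</svg>"""

# Stand-in for a booby-trapped attachment: a large random-looking blob (the padding/payload
# carrier), a link whose href is a javascript: URI, and a script that would reassemble the blob.
_JUNK = b"QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo" * 6000          # 210,000 bytes of filler
TRAPPED_SVG = (b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="600" height="800">
  <title>constructed lure: 'court document'</title>
  <desc>""" + _JUNK + b"""</desc>
  <text x="20" y="40">Open the attached document</text>
  <a xlink:href="javascript:void(0)"><rect width="600" height="800" fill="none"/></a>
  <script><![CDATA[
    // harmless placeholder; a real dropper would decode the <desc> blob and write it to disk
    var blob = document.getElementsByTagName("desc")[0].textContent;
  ]]></script>
</svg>""")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("trapped", TRAPPED_SVG)):
        result = triage_svg(sample)
        print(f"{label}: {result['verdict']} ({result['size']} bytes)")
        for f in result["findings"]:
            print("  -", f)
```

Run it over a quarantined attachment’s bytes and the trapped sample lights up on every axis at once: oversized, a 210,000-character blob inside <desc>, a javascript: link, and a <script> element, while the benign icon comes back clean. Text blobs inside <script> are deliberately not counted as padding, since the script itself is already the finding; a blob elsewhere with no script present is only flagged for review, because padding on its own is not proof of malice.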

Stay vigilant

It’s crucial to remain vigilant against such threats. Do not click unsolicited links or open unsolicited attachments, especially those that press you with urgent language. Treat SVG attachments with suspicion: legitimate organizations do not send important documents, let alone court documents, as image files in this format.

Combine vigilance with strong cybersecurity practices, such as using unique passwords and enabling two-factor authentication, and keep reputable security software installed and up to date on all of your devices.
