VirusTotal's AI Code Insight feature has uncovered a previously undetected phishing operation that uses SVG image files to impersonate Colombia's judicial system. The campaign, which went unnoticed by traditional antivirus scanners, leverages SVG's capability to embed and execute JavaScript code. This allows the files to render convincing fake login and document download portals directly within the image when viewed.
These deceptive SVG graphics display counterfeit progress bars and official-looking case details to lure victims into downloading a password-protected ZIP file. The password is conveniently shown on the fake portal to build trust. Once extracted, the archive contains a renamed legitimate executable and a malicious DLL designed for sideloading, which ultimately installs additional malware on the system.
Following the initial discovery, VirusTotal identified over 500 related SVG files that were part of the same campaign. The implementation of AI analysis was critical in detecting this threat, demonstrating how machine learning can provide essential context and accelerate the identification of evolving attack methods that bypass conventional security tools.
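The active-content checks a triage pipeline would run over SVG attachments like those described above, as an added example (not VirusTotal's or the campaign's code); the two SVG samples are constructed inline, and the indicator names are assumptions:

```python
import xml.etree.ElementTree as ET

# Constructed samples: a benign SVG, and one carrying an inline <script>,
# an onload handler and a javascript: link, mirroring the mechanism the
# article describes. Neither is a real sample from the campaign.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SUSPICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script><![CDATA[ document.title = "Portal"; ]]></script>
  <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:void(0)"/>
</svg>"""

SVG_NS = "{http://www.w3.org/2000/svg}"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"


def svg_script_indicators(data: bytes) -> list[str]:
    """Return the reasons an SVG may carry executable content.

    Flags <script> elements, on* event-handler attributes and javascript:
    URLs in href attributes. A hit means 'review this', not 'malicious':
    legitimate interactive SVGs also use these features.
    """
    reasons = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        # Malformed XML is itself worth a look: obfuscation or truncation.
        return ["unparseable XML (possible obfuscation or truncation)"]
    for elem in root.iter():
        tag = elem.tag.removeprefix(SVG_NS).lower()
        if tag == "script":
            reasons.append("inline <script> element")
        for attr, value in elem.attrib.items():
            if attr.lower().startswith("on"):
                reasons.append(f"event handler attribute {attr}")
            if attr in ("href", XLINK_HREF) and value.strip().lower().startswith("javascript:"):
                reasons.append("javascript: URL in href")
    return reasons


def is_suspicious(data: bytes) -> bool:
    """True when any active-content indicator is present."""
    return bool(svg_script_indicators(data))
```

Static checks like these catch the unobfuscated case; the article's point is that the campaign evaded signature scanners, so such rules belong beside, not instead of, content analysis that reads what the script actually renders.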
