Phishing Campaigns Increasingly Exploit SVG Attachments to Bypass Detection

Cybercriminals are increasingly leveraging Scalable Vector Graphics (SVG) files in phishing emails to display fake login forms or deliver malware while avoiding detection by security software. Unlike common image formats like JPG or PNG, SVG files use mathematical formulas to describe shapes, lines, and text, enabling them to resize without quality loss.

Threat actors exploit the unique properties of SVG files by embedding HTML and JavaScript using the <foreignObject> element. This allows the creation of phishing forms that can capture sensitive information or redirect users to malicious websites when the file is opened.

Recent campaigns have used SVG files to display fake spreadsheets or official-looking documents that prompt user interaction. These attachments often lead to malware downloads or credential theft, and because the files are text-based, security tools have a harder time detecting them, with VirusTotal showing few detections.

Since legitimate use of SVG attachments in emails is rare, recipients are advised to treat such files with caution and delete them unless explicitly expected.
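
A triage check for the technique described above, added here as an illustration and not taken from the original article: it parses an SVG attachment and reports embedded `<foreignObject>` content, script elements, event-handler attributes and active links. The function name `scan_svg` and both sample files are constructed for this example, and the entity pre-check assumes an ASCII-compatible encoding.

```python
import xml.etree.ElementTree as ET

def local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> list[str]:
    """Return a list of findings for active content in an SVG attachment."""
    # Entity declarations have no place in a mailed image and can be abused
    # for entity-expansion bombs, so report them without parsing the file.
    if b"<!ENTITY" in data.upper():
        return ["entity declaration present; not parsed"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML ({exc}); treat as suspicious"]
    findings = []
    for el in root.iter():
        name = local(el.tag)
        if name == "foreignobject":
            # Anything nested here is rendered as HTML (forms, inputs, iframes...).
            kids = sorted({local(c.tag) for c in el.iter() if c is not el})
            findings.append("foreignObject embeds: " + (", ".join(kids) or "text only"))
        elif name == "script":
            findings.append("script element")
        for attr, value in el.attrib.items():
            a = local(attr)
            if a.startswith("on"):  # onload, onclick, ...
                findings.append(f"event handler {a} on <{name}>")
            elif a == "href" and value.strip().lower().startswith(
                    ("javascript:", "data:text/html")):
                findings.append(f"active href on <{name}>")
    return findings

# Constructed samples: a plain drawing and an SVG that wraps an HTML form.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SUSPECT = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
           b'<foreignObject width="300" height="200">'
           b'<form xmlns="http://www.w3.org/1999/xhtml" action="https://example.invalid/">'
           b'<input type="password"/></form></foreignObject></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_svg(sample))
```

A mail gateway or SOC playbook could quarantine any SVG attachment for which this returns a non-empty list, since ordinary vector artwork needs none of these features.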
