Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks

The Trustwave SpiderLabs Email Security team has identified a significant increase in SVG image-based attacks, where seemingly harmless graphics are used to conceal dangerous links. Cybercriminals are exploiting the ability of SVG files to embed JavaScript, which can execute automatically upon opening. This technique has led to a 1800% increase in SVG-based phishing attacks in early 2025 compared to the previous year. The attacks are primarily driven by Phishing-as-a-Service (PhaaS) platforms like Tycoon2FA. These SVG files are particularly dangerous because they can bypass traditional security measures and appear innocuous to users. The blog post analyzes various techniques used in these attacks and provides recommendations for protection, including blocking SVG attachments, implementing advanced email security, and enhancing user awareness.

Author: AlienVault

Related Tags:
tycoon2fa, Dreambot, PE_URSNIF, Gozi-ISFB, Ursnif – S0386, cybersecurity, svg, T1080, email security

Associated Indicators:
http://grado33closet.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVl6WlpSVGs9JnVpZD1VU0VSMDQwMzIwMjVVNDEwMzA0MDM=