Cybercriminals are exploiting the SVG file format to conduct phishing attacks that bypass existing anti-spam and anti-phishing protection. These attacks involve email messages with .svg file attachments, which open in the default browser on Windows computers. The SVG files contain anchor tags and scripts that link to malicious web pages, often disguised as legal documents or voicemails. When victims click on the embedded links, they are directed to phishing pages that mimic popular services like DocuSign, Microsoft SharePoint, and Office365. The attackers use various social engineering techniques and sophisticated methods to capture and exfiltrate user credentials. Some SVG files even contain encoded malware. To protect against this threat, users are advised to change the default program for opening SVG files and be cautious of suspicious emails.

Author: AlienVault
Related Tags:
troj/autoit-dhb
browser-based attacks
svg
file format abuse
Nymeria
T1102.003
evasion techniques
T1102.002
T1059.007
Associated Indicators:


