Ethical Hacking News
SVG files have been used in a hidden malware campaign impersonating Colombian authorities, evading detection from traditional antivirus software and spreading malware and phishing attacks to unsuspecting victims. As more attackers begin to use SVG files in their malicious activities, it is essential that security tools are able to analyze and understand these formats.
Recent months have seen a hidden malware campaign using SVG files to impersonate Colombian authorities. The attackers built phishing pages from JavaScript embedded in the SVG files, evading detection by traditional antivirus software. 140,803 unique SVG files were flagged as malicious by at least one antivirus engine, but many slipped past detection and delivered malware or phishing attacks. One malicious SVG file uploaded to VirusTotal contained hidden JavaScript code that built a fake portal whose download button actually delivered a malicious ZIP file. The attackers used tactics such as obfuscation, polymorphism, and dummy code to evade detection. The use of SVG files highlights the need for security tools to analyze and understand these formats.
In recent months, a hidden malware campaign has been uncovered that utilized SVG files to impersonate Colombian authorities. The malicious activity was discovered by VirusTotal researchers, who found that the attackers had created a series of phishing campaigns using SVG files that contained JavaScript code. This allowed the attackers to deploy fake login pages and spread malware, all while evading detection from traditional antivirus software.
The campaign involved a large number of unique SVG files: 140,803 were flagged as malicious by at least one antivirus engine. Many of these files nonetheless slipped past detection and delivered malware or phishing attacks to unsuspecting victims. This highlights the need for more advanced security measures, such as AI-powered threat analysis tools, to detect and prevent such attacks.
One particularly insidious example from the campaign was a malicious SVG file uploaded to VirusTotal just days after the company added support for SVG analysis. The file contained hidden JavaScript code that built a fake Colombian judicial portal, complete with a "file download" button and progress bar. When users clicked that button, they were actually downloading a malicious ZIP file.
The attackers used various tactics to evade detection, including obfuscation, polymorphism, and dummy code. VirusTotal's Code Insight, which analyzes the script embedded in SVG files, nevertheless revealed what the files actually did. The researchers noted that "SWF and SVG are very different formats from very different eras, but both can still cause headaches for analysts."
Another example from the campaign involved 44 malicious SVGs uploaded to VirusTotal, all of which were invisible to traditional antivirus software but flagged by Code Insight. These files relied on a range of evasion techniques, including polymorphic code and dummy data.
The use of SVG files in these attacks highlights the need for security tools to analyze and understand such formats. This is particularly important as more attackers begin to use SVG files in their malicious activities.
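The article's central point is that an SVG is an XML document that can carry executable content (script elements, event-handler attributes, `javascript:` links) which a signature-based scanner treating it as an image never inspects. The following triage script is an added example written for this page, not a tool from VirusTotal or from the researchers cited; it parses an SVG and lists the active-content indicators a defender would want surfaced before the file is opened in a browser or mail client. The two embedded SVG samples are constructed for illustration and are not the files from the campaign, and the indicator names and scoring are this example's own assumptions.

```python
"""Static triage of SVG files for embedded active content (added example)."""
import re
import xml.etree.ElementTree as ET

# Attribute names that make a browser run script when the SVG is opened directly.
EVENT_HANDLER = re.compile(r"^on[a-z]+$", re.IGNORECASE)
# Calls commonly used as a decoding layer in obfuscated script (assumed hint list).
OBFUSCATION_HINTS = ("atob(", "eval(", "unescape(", "String.fromCharCode", "document.write(")
# A long run of base64-looking characters, typical of an embedded encoded payload.
BASE64_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def _local(name: str) -> str:
    """Strip the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]


def triage_svg(data: bytes) -> dict:
    """Return a verdict and the list of active-content indicators found in an SVG."""
    indicators = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # A file a renderer might still accept but a parser rejects deserves review.
        return {"verdict": "unparseable", "indicators": [f"xml-parse-error: {exc}"]}

    for elem in root.iter():  # document order, root first
        tag = _local(elem.tag).lower()
        if tag == "script":
            indicators.append("script-element")
            body = elem.text or ""
            for hint in OBFUSCATION_HINTS:
                if hint in body:
                    indicators.append(f"obfuscation-hint:{hint}")
            if BASE64_BLOB.search(body):
                indicators.append("base64-blob-in-script")
        elif tag == "foreignobject":
            # foreignObject lets arbitrary HTML be embedded inside the SVG.
            indicators.append("foreignobject-element")

        for attr, value in elem.attrib.items():
            name = _local(attr).lower()
            val = value.strip().lower()
            if EVENT_HANDLER.match(name):
                indicators.append(f"event-handler:{name}")
            if name == "href":
                if tag == "script":
                    indicators.append("external-script")
                if val.startswith("javascript:"):
                    indicators.append("javascript-uri")
                elif val.startswith("data:"):
                    indicators.append("data-uri-href")

    if not indicators:
        verdict = "clean"
    elif any(i.startswith(("obfuscation-hint", "base64-blob")) for i in indicators):
        verdict = "high"
    else:
        verdict = "review"
    return {"verdict": verdict, "indicators": indicators}


# Constructed sample: a plain icon with no active content.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="#09c"/>
</svg>"""

# Constructed sample: a fake "download" page shell with an onload handler, a
# javascript: link and a script that decodes base64 (the string is just "test page").
SUSPECT_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <rect id="bar" width="0" height="8" fill="green"/>
  <a xlink:href="javascript:void(0)"><text y="20">Download document</text></a>
  <script><![CDATA[
    function init() { document.body.innerHTML = atob("dGVzdCBwYWdl"); }
  ]]></script>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, triage_svg(sample))
```

Run as a script it prints `clean` for the icon and `high` for the constructed sample, listing the `onload` handler, the `javascript:` link, the script element and the `atob(` hint. In a mail gateway or upload pipeline the same function would gate rendering: anything other than `clean` is held for review, which is the format-aware step the article argues traditional image-centric scanning lacks.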
In conclusion, the recent discovery of a hidden malware campaign using SVG files to impersonate Colombian authorities highlights the evolving nature of cyber threats. As attackers continue to adapt and innovate, it is essential that security tools are able to keep pace with these developments. By analyzing and understanding the tactics used by attackers, security professionals can better protect their organizations from these types of threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Impersonating-Authorities-How-SVG-Files-Were-Used-to-Spread-Malware-and-Phishing-Campaigns-ehn.shtml
https://securityaffairs.com/181917/malware/svg-files-used-in-hidden-malware-campaign-impersonating-colombian-authorities.html
Published: Fri Sep 5 06:11:05 2025 by llama3.2 3B Q4_K_M