Ethical Hacking News
VirusTotal has exposed a phishing campaign that hid its lure inside Scalable Vector Graphics (SVG) files. The SVGs carried JavaScript that, when the file was opened in a browser, rendered a fake portal impersonating the Colombian judiciary and pushed a malware download. Stay vigilant and exercise caution when interacting with unfamiliar links or attachments, including image files.
Summary: VirusTotal discovered a phishing campaign hidden within SVG files that had been evading detection by antivirus engines. The files were identified with VirusTotal's AI-powered Code Insight feature, which had recently gained support for analyzing SVG content. The threat actors impersonated the Colombian government judiciary system with convincing portals and visual cues. The fake portal delivered a password-protected zip archive containing a renamed legitimate executable and a malicious DLL that the executable sideloads. Because SVG is treated as an image format yet can embed JavaScript and HTML, the attackers could build convincing portals that bypassed traditional security measures.
VirusTotal, a leading security platform, has exposed a phishing campaign that was hidden within SVG files. The malicious files had gone undetected by traditional antivirus engines; they were surfaced by VirusTotal's AI-powered Code Insight feature, and they targeted users with convincing portals impersonating official government documents.
According to the report, VirusTotal's Code Insight feature was instrumental in identifying the malicious SVG file. Code Insight summarizes the behavior of uploaded samples with an AI model, and when run over the SVG it flagged suspicious behavior: the file contained JavaScript that renders HTML and executes code as soon as the "image" is opened in a browser. Following the lure led to a password-protected zip archive containing four files: a legitimate executable from the Comodo Dragon web browser, renamed to look like an official judicial document; a malicious DLL; and two encrypted files.
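As an added example, not code from VirusTotal, BleepingComputer, or the campaign itself, the Python script below shows the kind of structural check a defender can run over SVG attachments before they reach a browser: it parses the SVG, flags <script> elements, event-handler attributes (onload, onclick, ...) and <foreignObject> (which can embed arbitrary HTML), and decodes any long base64 run to see whether it hides an HTML page. The sample SVG and the fake "Portal Judicial" page it carries are constructed for this example and contain no real payload; the base64-decode-then-render structure is an assumption about how such a lure is typically built, not a detail taken from the page.

```python
"""Triage heuristic for SVG files that carry active content.

Constructed example. SAMPLE_SVG is synthetic: it mimics an SVG whose
<script> decodes a base64 blob into an HTML phishing page, but the page
it contains is harmless placeholder text.
"""
import base64
import re
import xml.etree.ElementTree as ET

# Attributes that run JavaScript when the SVG is opened directly in a browser.
EVENT_HANDLER_RE = re.compile(r"^on[a-z]+$", re.I)
# Base64 runs long enough to hide an embedded HTML page or second stage.
BASE64_BLOB_RE = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
# Markers that show a decoded blob is markup rather than image data.
HTML_MARKER_RE = re.compile(rb"<(html|script|body|iframe)", re.I)

# Constructed stand-in for the fake judiciary portal (placeholder text only).
FAKE_PORTAL_HTML = (
    "<html><body><h1>Portal Judicial</h1>"
    "<p>Expediente 2025-000000. Descargando documento...</p>"
    "<progress value='70' max='100'></progress>"
    "<a href='documento.zip'>Si la descarga no inicia, haga clic aqui</a>"
    "</body></html>"
)

# Constructed SVG in the style described above: an image wrapper whose
# script decodes the HTML page and replaces the document with it.
SAMPLE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" width="800" height="600">
  <rect width="800" height="600" fill="white"/>
  <text x="40" y="60">Documento oficial</text>
  <script type="text/javascript"><![CDATA[
    var page = atob("{base64.b64encode(FAKE_PORTAL_HTML.encode()).decode()}");
    document.open(); document.write(page); document.close();
  ]]></script>
</svg>
"""

# A plain vector image with no active content, for comparison.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'


def strip_ns(name):
    """Drop an XML namespace prefix such as {http://www.w3.org/2000/svg}."""
    return name.rsplit("}", 1)[-1]


def triage_svg(svg_text):
    """Return a list of findings describing active content in an SVG.

    Note: for untrusted input in production, parse with defusedxml rather
    than xml.etree to avoid entity-expansion attacks against the parser.
    """
    findings = []
    root = ET.fromstring(svg_text)
    for el in root.iter():
        tag = strip_ns(el.tag).lower()
        if tag == "script":
            findings.append("script element")
        elif tag == "foreignobject":
            findings.append("foreignObject (can embed arbitrary HTML)")
        for attr in el.attrib:
            if EVENT_HANDLER_RE.match(strip_ns(attr)):
                findings.append(f"event handler {strip_ns(attr)} on <{tag}>")
    # Decode long base64 runs anywhere in the file and look for markup.
    for match in BASE64_BLOB_RE.finditer(svg_text):
        try:
            decoded = base64.b64decode(match.group(0), validate=True)
        except (ValueError, base64.binascii.Error):
            continue
        if HTML_MARKER_RE.search(decoded):
            findings.append("base64 blob decodes to HTML/script")
    return findings


def is_suspicious(svg_text):
    """True if the SVG should be quarantined or sandboxed rather than opened."""
    return bool(triage_svg(svg_text))


if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_SVG), ("benign", BENIGN_SVG)):
        print(name, "->", triage_svg(doc) or "no active content")
```

Run it as a script to see the constructed sample flagged on two counts (a script element and a base64 blob that decodes to HTML) while the plain circle image passes. The same `triage_svg` function can be pointed at files pulled from a mail gateway quarantine; anything it flags should be treated as an HTML attachment, not an image.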
The phishing page rendered by the SVG displayed case numbers, security tokens, and visual cues designed to build trust with users. This deceptive tactic allowed the threat actors to convincingly impersonate the Colombian government judiciary system and prompt users to download the password-protected zip archive.
According to BleepingComputer, when the victim runs the renamed executable, it loads the malicious DLL placed alongside it in the archive, a technique known as DLL sideloading, so that the malicious code runs under the cover of a legitimately signed browser binary. The addition of SVG support to Code Insight was crucial in exposing the campaign, as it enabled VirusTotal to surface files that had previously evaded detection.
This incident highlights the evolving tactics threat actors use to evade detection and target users with sophisticated phishing campaigns. SVG is handled as an image format by many users and mail filters, yet it can embed JavaScript and render HTML when opened in a browser; hiding the lure there let the attackers build convincing portals that bypassed traditional signature-based security measures.
According to Lawrence Abrams, Editor-in-Chief of BleepingComputer.com, "This is where Code Insight helps most: giving context, saving time, and helping focus on what really matters. It's not magic, and it won't replace expert analysis, but it's one more tool to cut through the noise and get to the point faster."
The discovery by VirusTotal underscores the importance of staying vigilant in today's digital landscape. As threat actors continue to evolve and refine their tactics, security professionals must remain proactive in identifying and mitigating emerging threats.
In light of this incident, users are advised to exercise extreme caution when interacting with links or attachments from unfamiliar sources, and to treat SVG attachments as active content rather than harmless images, since an SVG can carry JavaScript that runs when it is opened in a browser. Organizations should block or sandbox SVG attachments at the mail gateway, keep antivirus software up to date, and make use of behavior-oriented analysis such as VirusTotal's Code Insight, which can help identify and block phishing campaigns like the one exposed here that slip past signature-based detection.
Related Information:
https://www.ethicalhackingnews.com/articles/VirusTotal-Unmasks-Hidden-Malware-Phishing-Campaign-Hiding-in-SVG-Files-ehn.shtml
https://www.bleepingcomputer.com/news/security/virustotal-finds-hidden-malware-phishing-campaign-in-svg-files/
https://thehackernews.com/2025/09/virustotal-finds-44-undetected-svg.html
Published: Sat Sep 6 14:28:59 2025 by llama3.2 3B Q4_K_M