VirusTotal finds hidden malware phishing campaign in SVG files

September 6, 2025


VirusTotal has discovered a phishing campaign hidden in SVG files, which render convincing portals impersonating Colombia’s judicial system and deliver malware.

VirusTotal detected this campaign after it added support for SVGs to its AI Code Insight platform.

VirusTotal’s AI Code Insight feature analyzes uploaded file samples using machine learning to generate summaries of suspicious or malicious behavior found in the files.

After adding support for SVGs, VirusTotal found an SVG file that had zero detections by antivirus scans, but that its AI-powered Code Insight feature flagged for using JavaScript to display HTML impersonating a portal for Colombia’s government judiciary system.

VirusTotal Code insights detecting a malicious SVG file
Source: VirusTotal

SVG, or Scalable Vector Graphics, is a text-based format that generates images of lines, shapes, and text from mathematical formulas written in the file.

However, threat actors are increasingly using SVG files in attacks, as they can also be used to display HTML using the <foreignObject> element and execute JavaScript when the graphic is loaded.

In the campaign discovered by VirusTotal, SVG image files are used to render fake portals that display a phony download progress bar, ultimately prompting the user to download a password-protected zip archive [VirusTotal]. The password for this file is displayed in the fake portal page.
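A static triage check for the SVG capabilities described above (embedded HTML and script that runs on load), as an added example that is not code from VirusTotal or the original article. The function name, finding labels and both sample files are constructed for illustration, and the `on*` attribute match is a heuristic assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples (not taken from the campaign): one static image,
# one using the active features the article describes.
SAMPLE_STATIC = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
SAMPLE_ACTIVE = b'''<svg xmlns="http://www.w3.org/2000/svg" onload="render()">
  <script>function render() { /* constructed placeholder */ }</script>
  <foreignObject width="100%" height="100%">
    <div xmlns="http://www.w3.org/1999/xhtml">Constructed sample page</div>
  </foreignObject>
</svg>'''

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]

def svg_active_content(data: bytes) -> list[str]:
    """Return findings for SVG features that can run script or render HTML."""
    # Do not expand entities from untrusted input; report the declaration instead.
    if re.search(rb"<!ENTITY", data, re.I):
        return ["entity-declaration (not parsed)"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = []
    for el in root.iter():  # document order, namespace-qualified tags
        tag = local(el.tag).lower()
        if tag == "script":
            findings.append("script-element")
        elif tag == "foreignobject":
            findings.append("foreignObject-element")
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            if name.startswith("on"):  # onload, onclick, ...
                findings.append(f"event-handler:{name}")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("javascript-uri")
    return findings

if __name__ == "__main__":
    for label, sample in (("static", SAMPLE_STATIC), ("active", SAMPLE_ACTIVE)):
        print(label, svg_active_content(sample))
```

A mail gateway or upload filter can treat any non-empty result as a reason to quarantine or rasterize the image, since a purely graphical SVG needs none of these features.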

“As shown in the screenshot…
