Tuesday, February 11, 2025

Security researchers from Sophos have reported that cybercriminals are increasingly using Scalable Vector Graphics (SVG) files to distribute malicious links via phishing emails. SVG is an XML-based format, and the files open automatically in web browsers on Windows, so attackers can embed links to dangerous websites or inject malicious code. Sophos found that some spam and malware detection tools may struggle to identify hidden content within SVG files, making this technique a rising trend among cybercriminals seeking to evade security measures.
Sophos observed that phishing attacks using SVG files often appear as fake emails impersonating well-known services like Microsoft SharePoint, Dropbox, Google Voice, and DocuSign. These emails include an attached SVG file containing deceptive messages like “Click to view document” or embedded logos of the impersonated company. If the victim clicks the link, they are redirected to a phishing page designed to mimic the Office 365 login interface, tricking them into entering their credentials. Additionally, attackers have been found using Cloudflare’s CAPTCHA to bypass automated detection systems and sending stolen credentials to multiple servers, including Telegram bots via API.
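For defenders triaging SVG attachments at a mail gateway, the embedded links and active content described above can be surfaced with a short parser. This is an added example, not code from Sophos or the original article; the function names, finding labels and the sample attachment (with its placeholder host) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}

# Constructed sample attachment; the host is a placeholder, not a real indicator.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <a xlink:href="https://login.example.invalid/view">
    <text x="10" y="20">Click to view document</text>
  </a>
  <script>/* placeholder */</script>
</svg>"""

def local(name):
    """Drop the XML namespace: '{ns}href' -> 'href', lowercased."""
    return name.rsplit("}", 1)[-1].lower()

def classify_url(url):
    """Classify one href/src value that has already had whitespace removed."""
    if url.lower().startswith(("javascript:", "data:text/html")):
        return {"script-uri"}
    try:
        parts = urlparse(url)
        host = str(parts.hostname)
    except ValueError:
        return {"unparseable-url"}
    return {"external-link:" + host} if parts.scheme in ("http", "https") else set()

def scan_svg(data):
    """Return sorted findings for the raw bytes of one SVG attachment."""
    # The stdlib parser expands internal entities, so refuse them before parsing.
    if b"<!entity" in data.lower():
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = set()
    for el in root.iter():
        if local(el.tag) in ACTIVE_TAGS:
            findings.add("active-element:" + local(el.tag))
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):
                findings.add("event-handler:" + attr)
            elif attr in URL_ATTRS:
                # Browsers ignore whitespace inside URLs, so strip it first.
                findings.update(classify_url("".join(value.split())))
    return sorted(findings)
```

A logo embedded as a `data:image/...` URI is deliberately not flagged, since legitimate SVGs commonly contain one; an external link alone is a triage signal rather than a verdict.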
Beyond SVG files, researchers also found hackers employing new techniques to evade security measures, such as embedding links in QR codes, spoofing domains to resemble legitimate brands, and leveraging Google services like Calendar and Drawings to send seemingly authentic invitations. Sophos warns that cybercriminals are developing tools capable of bypassing multi-factor authentication (MFA) protections, including Microsoft ADFS exploits and other advanced techniques. Organizations and users should exercise caution, avoid clicking links in suspicious emails, and implement advanced email security solutions capable of detecting sophisticated threats.
Source: https://www.infosecurity-magazine.com/news/cybercriminals-graphics-files/