216.73.216.233

Unmasking the SVG Threat: How Hackers Use Vector Graphics for Phishing Attacks

· Published 07/08/2025 21:14 · Modified 07/08/2025 21:47

Export JSON

Essential information

Published
07/08/2025 21:14
Modified
07/08/2025 21:47
Tags
2025-08-07 browser execution captcha cloud storage credential-theft email attachments javascript phishing svg
Related entities
2 observables

Description

Attackers are exploiting Scalable Vector Graphics () files to execute sophisticated attacks. SVGs, typically used for scalable images, can contain embedded that executes when opened in a browser. The attack chain involves sending attachments via spear- emails or links. When opened, the file launches in the default web browser, allowing embedded scripts to execute and redirect victims to sites mimicking trusted services. The attackers use deceptive subject lines and innocuous-looking attachment names to avoid suspicion. The contains encrypted malicious code that, when decrypted, redirects to a site protected by a Cloudflare gate. Organizations are advised to implement deep content inspection, disable automatic rendering, educate employees, and monitor for unusual redirects and script activity.

External references