Weaponized SVG Files Used by Threat Actors to Redirect Users to Malicious Sites


Cybercriminals are increasingly weaponizing Scalable Vector Graphics (SVG) files to orchestrate sophisticated phishing campaigns.

According to research from Intezer, a cybersecurity firm that triages millions of alerts for enterprises globally, attackers are embedding malicious JavaScript within SVG files to redirect unsuspecting users to credential-harvesting phishing sites.

This technique, dubbed “Script in the Shadows,” has proven alarmingly effective, bypassing modern email security filters and endpoint protections to reach victims’ inboxes undetected.

The abuse of SVG, an XML-based format for rendering two-dimensional graphics, leverages its inherent ability to house scripts and interactive elements, turning a seemingly innocuous image file into a potent attack vector.

Decoding the Stealthy Attack Mechanism

The intricacy of this phishing method lies in its multi-layered obfuscation, designed to evade static analysis by security scanners.

Intezer’s analysis revealed that threat actors encode malicious JavaScript in Base64 within SVG files, often concealed inside ...
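A defender-side static check for the pattern described above, as an added example that is not from the original article or from Intezer's research: it parses an SVG, flags `script` elements, `on*` event-handler attributes and `javascript:` links, and decodes one layer of Base64 found in element text to look for redirect indicators. The function names, the 24-character threshold, the hint list and the sample SVG are assumptions constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET  # for untrusted attachments, defusedxml is a safer parser

B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # shorter runs are too noisy
REDIRECT_HINTS = re.compile(r"location|https?://|atob|eval", re.I)

def local(name):
    """Strip the XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def decode_runs(text):
    """Yield printable UTF-8 decodings of Base64-looking runs in text."""
    for run in B64_RUN.findall(text or ""):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            decoded = raw.decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        if decoded.isprintable():
            yield decoded

def scan_svg(svg_text):
    """Return a list of (rule, detail) findings for one SVG document."""
    findings = []
    for el in ET.fromstring(svg_text).iter():
        tag = local(el.tag)
        if tag == "script":
            findings.append(("active-element", tag))
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.append(("event-handler", f"{tag}@{name}"))
            if name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(("script-uri", f"{tag}@{name}"))
        for decoded in decode_runs(el.text):  # CDATA content arrives as el.text
            if REDIRECT_HINTS.search(decoded):
                findings.append(("encoded-redirect", decoded))
    return findings

# Constructed sample: the script body only stores an encoded string, nothing runs it.
PAYLOAD_B64 = base64.b64encode(b'window.location.href="https://login.example.invalid/"').decode()
SAMPLE_SUSPICIOUS = f'''<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" onclick="void(0)"/>
  <script><![CDATA[var p = "{PAYLOAD_B64}";]]></script>
</svg>'''
SAMPLE_CLEAN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'

if __name__ == "__main__":
    for rule, detail in scan_svg(SAMPLE_SUSPICIOUS):
        print(rule, detail)
```

Because the check decodes only a single Base64 layer in element text, treat a clean result as "no obvious script", not as proof the file is safe.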


Copyright of this story solely belongs to gbhackers.