VirusTotal finds hidden malware phishing campaign in SVG files

VirusTotal has discovered a phishing campaign hidden in SVG files, which render convincing portals impersonating Colombia's judicial system and deliver malware.

VirusTotal detected this campaign after it added support for SVGs to its AI Code Insight platform.

VirusTotal's AI Code Insight feature analyzes uploaded file samples using machine learning to generate summaries of suspicious or malicious behavior found in the files.

After adding support for SVGs, VirusTotal found an SVG file that had zero detections by antivirus scans, but which its AI-powered Code Insight feature detected as using JavaScript to display HTML that impersonates a portal for Colombia's government judiciary system.

VirusTotal Code insights detecting a malicious SVG file

Source: VirusTotal

SVG, or Scalable Vector Graphics, is used to generate images of lines, shapes, and text through textual mathematical formulas in the file.

However, threat actors have begun increasingly using SVG files in attacks, as they can also be used to display HTML using the element and execute JavaScript when the graphic is loaded.

In the campaign discovered by VirusTotal, SVG image files are used to render fake portals that display a phony download progress bar, ultimately prompting the user to download a password-protected zip archive [VirusTotal]. The password for this file is displayed in the fake portal page.

"As shown in the screenshots below, the fake portal is rendered exactly as described, simulating an official government document download process," explains VirusTotal.
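
A defender-side check for the behaviour described above, as an added example that is not from VirusTotal or the original article: a static scan that flags SVG files carrying active content before they reach a user. The sample files, function names and the list of checks (script elements, `on*` event attributes, `foreignObject`, script-bearing `href` values) are assumptions based on standard SVG features, not indicators published for this campaign.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an SVG that runs script on load and embeds HTML.
SAMPLE_ACTIVE = """<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script>function init(){ /* builds page */ }</script>
  <foreignObject width="100%" height="100%">
    <div xmlns="http://www.w3.org/1999/xhtml">Portal</div>
  </foreignObject>
</svg>"""

# Constructed sample: a purely graphical SVG with no active content.
SAMPLE_STATIC = """<svg xmlns="http://www.w3.org/2000/svg">
  <circle cx="5" cy="5" r="4"/><text x="1" y="9">ok</text>
</svg>"""

ACTIVE_SCHEMES = ("javascript:", "data:text/html")


def local(name):
    """Strip an XML namespace prefix: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(text):
    """Return a sorted list of findings for active content in an SVG document."""
    # For untrusted files in production, parse with a hardened XML parser
    # (for example the defusedxml package) instead of the stdlib parser.
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["unparseable"]  # cannot be vetted, so treat as suspicious
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings.add("script-element")
        elif tag == "foreignobject":
            findings.add("foreignObject-element")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.add("event-handler:" + name)
            if name == "href" and value.strip().lower().startswith(ACTIVE_SCHEMES):
                findings.add("active-href")
    return sorted(findings)
```

A mail or web gateway could quarantine any SVG for which `scan_svg` returns a non-empty list, since ordinary images need none of these features.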
