Cybercriminals are using image files in unexpected ways, turning harmless-looking graphics into traps which install malware.
A New Kind of Digital Deception
Most people think of image files as safe. After all, the online world is full of pictures for people to look at and share. But recently, cybercriminals have been exploiting this level of trust. Security researchers have uncovered a phishing campaign which places image files at the center of its attack. Instead of sending traditional fake emails with malicious links or attachments, the attackers have been hiding their malicious payload inside SVG image files. These are then used to trick users into downloading malware.
As we all use email on a daily basis, it’s important that we understand what these threats look like and the best ways to protect ourselves.
How the SVG Attack Works
SVG files are slightly different to your usual photos. This is because they're made up of text instructions which tell your computer how to draw shapes and lines. For web graphics, this flexibility is fantastic for delivering crisp visuals. Unfortunately, in the wrong hands, it can also be used to sneak in malicious content. In this latest attack, the threat actors designed SVGs that displayed what looked like a legitimate portal for Colombia's judicial system. It appeared genuine as the portal displayed case numbers, prompts, and a progress bar, but it was far from safe.
If someone interacted with the portal, they were encouraged to download a ZIP file. This file contained several components: a web browser which appeared to be a judicial document, a hidden malicious file, and various other encrypted files. The browser appeared to be harmless, but once activated, it caused the hidden malicious file to load in the background. This allowed the attack to establish itself and start downloading malware onto the victim's PC. This method is known as DLL sideloading and allows hackers to bypass typical security checks.
The scale of the campaign appears to have been significant. So far, researchers have identified over 500 of these malicious SVG files. They all work in the same way, appearing to be harmless files while opening a back door for malware delivery. The attack method was also innovative as antivirus programs didn’t detect them as being harmful, so they passed through security barriers with ease. It was only when advanced security software was able to analyze the files’ unusual behavior that alarm bells started to ring.
Keeping Your Systems Safe from Malicious SVG Files
Malware threats continue to evolve and the SVG attack only underlines this. What’s particularly troubling about this attack is how real the images looked. However, there are a number of simple steps you can take to enhance the safety of your systems:
- Be Wary of Email Attachments: Never open SVGs or other attachments unless you’re certain of where they came from. And even if they do look legitimate, it’s vital that you take a few minutes to double check everything in the email. Remember: if in doubt, run it by an IT professional.
- Use Advanced Security Tools: Antivirus tools with behavioral or AI-driven detection – such as Microsoft Defender and BitDefender – are more likely to catch sophisticated threats than free anti-malware packages.
- Always Install Updates: Patches and firmware upgrades are the most effective ways of closing off the vulnerabilities attackers often use to sneak onto your systems. Better yet, enable automatic updates to ensure your protection level is always at its highest.
For more ways to secure and optimize your business technology, contact your local IT professionals.





