Cybercriminals are increasingly using de fichiers Scalable Vector Graphics (SVG) to trap Internet users. Computer security researcher MalwareHunterTeam shared several examples of malware attacks phishing recent ones based on SVG files.
This file format is mainly used for creating graphics. It is often used for logos, icons and illustrations on the web. SVG offers great flexibility and very good image clarity, even at very different sizes. Actually the SVG fits at all screen resolutions. For graphic designers and other image professionals, SVG is very common.
Also read: here are the latest data leaks and French companies affected by cyberattacks
The differences of SVG compared to JPG
Generally, phishing attacks rely more on PNG, JPG or PDF files. These files are slipped into emails in the form of attachments. Once the Internet user opens the attachment, the document will lead to the installation of malware on their computer. This is why you should never click on an attachment sent by an unknown sender.
Increasingly, malicious attachments are not PNGs or JPGs, but SVGs. As reported by our colleagues from Bleeping ComputerSVG has several advantages for cybercriminals. SVG files are vector images. Unlike raster images, like JPG or PNG, which save each pixel individually, SVGs use code to describe the image on a computer. When opened in a browser, it will generate the image by interpreting the code.
To illustrate how an SVG file works, let's take the example of a blue circle with a radius of 50 pixels. An SVG file describes this circle by specifying its color, radius and position. On the other hand, a JPG file must record the information of each pixel that makes up this circle. These images are made up of grids of small squares called pixels. Each pixel has a precise color value, and it is all of these pixels that make up the complete image.
Very different from JPG and PNG, this method allows SVGs to be resized without loss of quality. Additionally, SVGs are lighter and easier to edit. Just change the circle settings rather than manipulating each pixel.
SVG, an asset for hackers
As explained above, SVG uses code to communicate with the computer and describes the image it contains. This code includes “lines, shapes and text described in mathematical formulas”. For hackers, this code is an attack vector. Cybercriminals can indeed hide malicious scripts in the file code.
When opening the file in a browser, the SVG may lead to the execution of HTML or Javascript code. Clearly, the SVG image that accompanies the email can automatically display a form phishing on your computer. This form obviously invites the victim to provide their personal data, or even their bank details.
To push the Internet user to fill it out, the hackers will choose code that imitates the design of a known website. By impersonating a platform known to lull the vigilance of their targets. For example, cybercriminals have used “a fake Excel spreadsheet” to retrieve user credentials. Once data is entered, it is automatically sent to remote servers.
Unfortunately, most antiviruses are not capable of detecting SVG files containing fraudulent code. Security software does not bother to scan these files, which are generally used for vector images. These therefore go under the radar of antiviruses. This is why hackers are increasingly fond of SVG. We therefore recommend that you never click on an SVG received by email.
???? To not miss any news from 01net, follow us on Google News and WhatsApp.
Source :
Bleeping Computer
