Cybersecurity researchers have uncovered a new attack vector where hackers are weaponizing SVG (Scalable Vector Graphics) files to deliver the PureMiner malware. This innovative technique leverages the SVG file format, commonly used for vector images on the web, to bypass traditional security defenses and execute malicious code on victim systems. PureMiner is a stealthy cryptocurrency mining malware that exploits system resources to mine digital currencies without user consent, leading to degraded system performance and increased electricity costs.
The attack begins with the delivery of a crafted SVG file, often through phishing emails or compromised websites. Once the SVG file is opened or rendered, it triggers the download and execution of the PureMiner payload. This method is particularly concerning because SVG files are generally trusted and not flagged by many security solutions, allowing attackers to evade detection.
Organizations are urged to implement strict email filtering, educate users about the risks of opening unexpected attachments, and deploy advanced endpoint protection capable of analyzing SVG file behavior. Additionally, monitoring network traffic for unusual mining activity can help detect infections early.
This emerging threat highlights the evolving tactics of cybercriminals who continuously seek novel ways to exploit trusted file formats for malicious purposes. Staying informed and adopting a layered security approach is critical to defending against such sophisticated attacks.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 29 Sep 2025 08:05:13 +0000