Phishing campaigns have evolved significantly in 2025, with threat actors increasingly leveraging unconventional file formats to bypass security solutions. A particularly concerning trend involves the weaponization of Scalable Vector Graphics (SVG) files, which are being embedded with malicious JavaScript code designed to redirect unsuspecting users to credential-harvesting websites.

SVG files, commonly used for legitimate web graphics, are XML-based files capable of rendering two-dimensional graphics. Unlike traditional image formats, SVG files support embedded scripts, hyperlinks, and interactive elements, making them particularly versatile for both legitimate use and malicious exploitation.

Intezer researchers noted a significant increase in SVG-based attacks throughout early 2025, documenting multiple instances where these weaponized files successfully bypassed email protections. According to their analysis, these malicious SVG files frequently appear as seemingly harmless email attachments that trigger no alerts from traditional security solutions. “The flexibility of SVG files makes them an ideal candidate for evading security filters, as many security solutions do not deeply inspect SVG files for embedded JavaScript,” the research team reported. In multiple documented cases, malicious SVG files received zero detections on VirusTotal, allowing them to reach intended victims without triggering security alerts. This detection gap represents a significant blind spot in current email and endpoint security solutions.

When analyzing sample file b5a7406d5b4ef47a62b8dd1e4bec7f1812162433955e3a5b750cc471cbfad93e, Intezer researchers discovered an intricate multi-step obfuscation pattern designed to evade detection. The script employs multiple layers of protection: string reversal, strategic insertion of junk characters that are programmatically removed, hexadecimal-to-ASCII conversion through a mathematical formula, and finally URL reconstruction that redirects victims to a credential-harvesting page. When a victim opens the SVG file, the encoded script executes, decodes itself, and silently redirects the user to a phishing site designed to harvest credentials. What makes this technique particularly effective is that the multi-layered obfuscation conceals the malicious payload from static analysis engines, so traditional static analysis tools cannot easily identify the malicious behavior.

These attacks exploit the inherent flexibility of SVG files while evading traditional detection mechanisms, allowing threat actors to deliver phishing payloads to user inboxes. The research demonstrates the need for deeper inspection of unconventional file formats and highlights how SVG files have become an increasingly common attack vector in the cybersecurity landscape of 2025.
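The deeper SVG inspection the researchers call for can be approximated with a static check that flags any active content in an attachment, as in the following added example (written for this article, not Intezer's tooling). The two SVG samples are constructed here, and the indicator patterns are assumptions chosen to match the decoding steps described above (reversal, hex-to-character conversion, redirect).

```python
import re
import xml.etree.ElementTree as ET  # defusedxml is the safer drop-in for untrusted input
# Script-body patterns for the decoding steps described above; assumed indicators, not Intezer's.
OBFUSCATION_PATTERNS = {
    "string-reversal": re.compile(r"\.reverse\s*\("),
    "charcode-decoding": re.compile(r"fromCharCode|parseInt\s*\("),
    "redirect": re.compile(r"location\s*(\.\s*(href|replace|assign)|=)|\.open\s*\("),
}

def _local(name):
    """Strip a namespace prefix such as {http://www.w3.org/2000/svg}."""
    return name.rsplit("}", 1)[-1]

def inspect_svg(svg_bytes):
    """Return (finding, detail) pairs for active content in an SVG; [] means none."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:  # browsers may still render what a strict parser rejects
        return [("unparseable-xml", str(exc))]
    findings = []
    for elem in root.iter():
        tag = _local(elem.tag).lower()
        if tag == "script":
            findings.append(("script-element", tag))
            body = "".join(elem.itertext())
            findings += [("obfuscation-indicator", name)
                         for name, pat in OBFUSCATION_PATTERNS.items() if pat.search(body)]
        elif tag == "foreignobject":  # can host arbitrary HTML, including <script>
            findings.append(("foreign-object", tag))
        for attr, value in elem.attrib.items():
            a = _local(attr).lower()
            if a.startswith("on"):  # onload, onclick, ... run script without a <script> tag
                findings.append(("event-handler", a))
            elif a == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(("javascript-href", value.strip()[:40]))
    return findings

# Constructed samples for this example (not the Intezer sample): one benign, one suspicious.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
<circle cx="5" cy="5" r="4" fill="blue"/></svg>"""
SUSPICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<rect width="1" height="1" onload="init()"/>
<a xlink:href="javascript:void(0)"><text>open</text></a>
<script type="text/javascript"><![CDATA[
  var s = "CONSTRUCTED_PLACEHOLDER".split("").reverse().join("");
  var t = "";
  for (var i = 0; i < s.length; i += 2) t += String.fromCharCode(parseInt(s.substr(i, 2), 16));
  window.location.replace(t);
]]></script></svg>"""
```

A mail gateway policy built on this would quarantine any attachment with a non-empty findings list, since a legitimate logo or icon has no reason to carry script, event handlers or javascript: links.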
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 24 Apr 2025 09:00:13 +0000