FlagThis

Cybercriminals are increasingly leveraging Scalable Vector Graphics (SVG) files in phishing attacks to circumvent traditional email security measures. Sophos researchers have uncovered this rising threat, noting that attackers use SVG files to distribute malicious links leading to credential theft. These SVG files, commonly used for vector-based images, can contain hyperlinks and scripts within their text-based XML instructions, enabling attackers to embed malicious content directly within the graphics file.

Attackers often employ social engineering tactics in phishing emails, impersonating well-known brands like DocuSign, Microsoft SharePoint, Dropbox, and Google Voice to trick recipients into opening the malicious SVG attachments. When a user clicks the embedded link, they are redirected to a credential-harvesting site disguised as a legitimate login portal. Sophos has observed increasingly sophisticated SVG phishing attacks, including the use of Cloudflare CAPTCHA gates, credential pre-filling, live phishing templates, and JavaScript auto-redirects to further evade detection.

ImgSrc: assets.infosecu

References :

• securityonline.info: Sophos Uncovers Rising Threat of SVG-Based Phishing Attacks
• ciso2ciso.com: Cybercriminals Weaponize Graphics Files in Phishing Attacks – Source: www.infosecurity-magazine.com
• ciso2ciso.com: Ciso2Ciso - Cybercriminals Weaponize Graphics Files in Phishing Attacks

Classification:

• HashTags: #PhishingAttacks #SVGFiles #EmailSecurity
• Company: Sophos
• Target: Email Users
• Attacker: Sophos
• Product: SVG
• Feature: Scalable Vector Graphics
• Type: Phishing
• Severity: Medium