- Hackers use malicious SVG files to impersonate Colombia's judicial system
- Victims download fake ZIP files that install malware through a renamed browser and DLL
- More than 500 files found; probably spread through phishing, mostly targeting Colombians
Hackers are sharing malicious SVG files that spoof real-life websites to trick victims into downloading harmful items.
VirusTotal cybersecurity researchers detected the malware after adding SVG support to their AI-powered Code Insight platform.
Scalable Vector Graphics (SVG) files are used to display images that stay sharp at any size. Because they are based on XML, they can contain not only shapes but also scripts and embedded code, and attackers can exploit this by hiding malicious JavaScript or links inside an SVG. When opened in a browser, the file can trigger drive-by downloads, phishing redirects or script execution.
500+ SVG files
In this campaign, the SVG files, when opened in a browser, rendered a credible-looking website of the Colombian judicial system, complete with a fake download progress bar. Once the “download” completes, users are asked to save a password-protected ZIP file to their computers.
The SVG files are most likely distributed through phishing messages, spoofing an email about a court order or something similar.
“The false portal is presented exactly as described, simulating an official process of discharge of government documents,” VirusTotal said in its report. “The phishing site includes numbers of cases, security tokens and visual signals to generate trust, all elaborated within an SVG file.”
The downloaded ZIP file contained a legitimate executable of the Comodo Dragon web browser, renamed to look like an official judicial document, along with a malicious DLL and two encrypted files. If the victim runs the browser executable, it loads the DLL, which installs additional malware on the system.
VirusTotal said it has now identified more than 500 SVG files that were part of the same campaign, but that had flown under the radar of antivirus solutions and other endpoint protection platforms.
Not much is known about the victims, other than that they are probably Colombian.
This is not the first time SVG files have been used to carry out phishing attacks. In February 2025, experts warned about an increasing number of incidents involving .SVG files in attachments.
Via BleepingComputer