Summary:
AhnLab Security Intelligence Center has reported an increase in malware distributed via Scalable Vector Graphics (SVG) files, often sent as attachments in phishing emails. These SVG files exploit their XML-based format to deliver malicious payloads, including information-stealing malware. Users are advised to be cautious with SVG attachments from unknown sources.
#SVGMalware #PhishingThreats #AhnLab
Keypoints:
Multiple instances of malware are being distributed in SVG format.
SVG files are used in phishing emails, containing instructions for execution.
Two types of SVG malware identified: downloader type and phishing type.
The downloader type prompts users to download a PDF file and includes hyperlinks to additional malware.
The phishing type encodes user account information and sends it to the threat actor’s server.
Malicious code is hidden within image content elements, making detection difficult.
Users are advised to avoid opening SVG files from unknown sources.
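A triage check that a mail gateway or analyst could run over SVG attachments, given here as an added example that is not from the AhnLab report: it flags the active-content features that separate the downloader and phishing styles listed above from a plain image. The feature list, finding labels and sample SVGs are constructed for illustration and are assumptions, not the report's detection logic or samples.

```python
import xml.etree.ElementTree as ET

# Elements that make an SVG behave like a web page rather than a picture (assumed list).
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object", "form"}

# Constructed sample inputs (inert; example.invalid is a reserved placeholder domain).
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
DOWNLOADER_LIKE = (
    b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    b'<a xlink:href="https://example.invalid/doc">'
    b'<image href="data:image/png;base64,AAAA"/></a></svg>')
PHISHING_LIKE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
                 b'<script>/* inert placeholder */</script></svg>')

def local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]

def scan_svg(data: bytes) -> list[str]:
    """Return sorted findings for one SVG attachment; an empty list means nothing flagged."""
    # Entity declarations are flagged without parsing: no entity expansion on untrusted mail.
    if b"<!ENTITY" in data:
        return ["dtd-or-entity"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"active-element:{tag}")
        for attr, value in el.attrib.items():
            name, val = local(attr).lower(), value.strip().lower()
            if name.startswith("on"):            # onload, onclick, ...
                findings.add(f"event-handler:{name}")
            if name == "href":                   # covers href and xlink:href
                if val.startswith("javascript:"):
                    findings.add("javascript-uri")
                elif val.startswith(("http://", "https://", "//")):
                    findings.add(f"external-link:{tag}")
    return sorted(findings)

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("downloader-like", DOWNLOADER_LIKE),
                          ("phishing-like", PHISHING_LIKE)]:
        print(label, scan_svg(sample))
```

A finding is a reason to quarantine or inspect the attachment, not a verdict; external links also appear in legitimate SVGs.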
MITRE Techniques
Command and Control (T1071): Utilizes multiple command and control domains to maintain communication with compromised systems.
Data Obfuscation (T1001): Uses techniques to obscure data to evade detection.
Credential Dumping (T1003): Collects user credentials from compromised systems.
Exploitation of Remote Services (T1210): Takes advantage of vulnerabilities in remote services to gain access.
IoC:
[File Hash] 1cb57bf424b43b0fa31578e943abc294
[File Hash] 62fe867077a03214208fa5c9f9f1c743
[File Hash] c3bd20a26cad5cd8d5ff8174f70966f0
[File Hash] d3acfbea0cfc732e819301c490b3bb89
Full Research: https://asec.ahnlab.com/en/84720/