
- Hackers use malicious SVG files to mimic Colombia’s judicial system
- Victims download fake ZIPs that install malware via a renamed browser and DLL
- Over 500 files found; likely spread through phishing, mostly targeting Colombians
Hackers are sharing malicious SVG files that spoof real-life websites in order to trick victims into downloading malware.
Researchers at VirusTotal spotted the campaign after adding support for SVG to their AI-powered Code Insight platform.
Scalable Vector Graphics (SVG) files are used to display images that stay sharp at any size. Since they’re based on XML, they can contain not just shapes but also scripts and embedded code, and attackers can exploit this by hiding malicious JavaScript or links inside an SVG. The file can then trigger drive-by downloads, phishing redirects, or script execution when opened in a browser.
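As an added illustration (not code from VirusTotal or the original article), the following Python sketch shows how a mail gateway or triage script could flag the kinds of active content described above before an SVG attachment reaches a browser. The tag list, scheme list, and both sample files are constructed assumptions for this example.

```python
import xml.etree.ElementTree as ET

# Assumed rule set for this example: elements and URL schemes that let an SVG run code.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
LINK_ATTRS = {"href", "src"}
RISKY_SCHEMES = ("javascript:", "data:text/html", "data:application/")

def local(name):
    """Strip an XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]

def scan_svg(svg_text):
    """Return a sorted list of (kind, detail) findings for active content in an SVG."""
    if "<!ENTITY" in svg_text:
        # Never expand entities from untrusted input; report and stop.
        return [("entity-declaration", "DTD entities present, not parsed")]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [("parse-error", str(exc))]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(("active-element", tag))
        for name, value in el.attrib.items():
            attr = local(name).lower()
            val = "".join(value.split()).lower()  # ignore whitespace padding in schemes
            if attr.startswith("on"):
                findings.add(("event-handler", f"{tag}@{attr}"))
            elif attr in LINK_ATTRS and val.startswith(RISKY_SCHEMES):
                findings.add(("risky-link", f"{tag}@{attr}={val[:20]}"))
    return sorted(findings)

# Constructed samples: a plain image and a file carrying script, handler and link.
BENIGN = ('<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
          '<circle cx="5" cy="5" r="4"/></svg>')
SUSPECT = ('<svg xmlns="http://www.w3.org/2000/svg" '
           'xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
           '<script>/* placeholder */</script>'
           '<a xlink:href="javascript:void(0)"><text>Download</text></a>'
           '<foreignObject><div xmlns="http://www.w3.org/1999/xhtml">portal</div>'
           '</foreignObject></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_svg(sample))
```

A legitimate image normally produces no findings, so any hit on an emailed SVG is a reasonable signal to quarantine the attachment or strip it to a rasterized copy.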
In this campaign, SVG files opened with a browser rendered a credible-looking website of Colombia’s judicial system, also displaying a fake download progress bar. Once the “download” is completed, the users are prompted to save a password-protected ZIP archive to their computers.
The SVG files are most likely shared through phishing messages, spoofing a court order email or something similar.
“The fake portal is rendered exactly as described, simulating an official government document download process,” VirusTotal said in its report. “The phishing site includes case numbers, security tokens, and visual cues to build trust, all of it crafted within an SVG file.”
The downloaded ZIP archive reportedly contained a legitimate executable from the Comodo Dragon web browser, renamed to look like an official judicial document, a malicious DLL, and two encrypted files. If the victim runs the browser, it triggers the DLL, installing additional malware onto the system.
VirusTotal said that it has now identified more than 500 SVG files that were part of the same campaign but had flown under the radar of antivirus solutions and other endpoint protection platforms.
We don’t know a lot about the victims, other than that they are most likely Colombian.
This isn’t the first time SVG files have been used to carry out phishing attacks – back in February 2025, experts warned of a rising number of incidents with .SVG files in attachments.
Via BleepingComputer