
Scalable Vector Graphics (SVG) files are a popular format for web graphics because they can be resized without losing quality.  However, cybercriminals are now exploiting SVGs to deliver malware, posing a new threat to unsuspecting users. 

Traditionally, malicious SVG files would download their malicious content from external sources. This made detection easier, as security software could identify and block these external connections. However, attackers are now finding ways to embed malicious code directly within the SVG file itself. A tool called AutoSmuggle has even been developed to streamline this process for criminals.

There are two main categories of SVG-based attacks: 

  • JavaScript-based attacks: These attacks use JavaScript embedded within the SVG file to download malicious payloads from a remote server.
  • Archive-based attacks: These attacks involve tricking a user into opening a downloaded archive containing a malicious SVG file.

In both cases, once the user opens the SVG file and its embedded content runs, the malware can steal sensitive information, such as login credentials and credit card details, or take control of the infected device.

The Rise of SVG Malware 

Two recent examples highlight the growing danger of SVG malware: 

  • Agent Tesla Keylogger: This keylogger can be hidden within an SVG file and used to capture a user’s keystrokes, including passwords and other sensitive data.
  • XWorm RAT (Remote Access Trojan): This RAT can also be embedded in SVG files and gives attackers complete control over an infected device.

These are just two examples, and security experts warn that SVG malware is likely to become more prevalent in the future. 

Staying Safe from SVG Malware 

Here are some steps you can take to protect yourself from SVG malware: 

  • Be cautious about downloading SVG files from untrusted sources. Only download SVG files from websites you know and trust. 
  • Use a security software suite that can detect and block malicious SVG files. Many security products now include protection against SVG-based threats. 
  • Disable JavaScript in your browser if you don’t need it. This will prevent JavaScript-based SVG attacks from working. 
  • Be wary of unexpected email attachments, even if they appear to be SVG files. Phishing emails are a common way for attackers to distribute malware. 
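
As an added example (not part of the original article), this is one way a mail gateway or upload filter could triage SVG files for the embedded JavaScript and embedded payloads described above. The function names, the tag list, the 512-character blob threshold and both sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Heuristic thresholds and tag list are assumptions made for this example.
BASE64_RUN = re.compile(r"[A-Za-z0-9+/=]{512,}")   # long encoded blob in element text
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree adds to tag and attribute names."""
    return name.rsplit("}", 1)[-1]

def scan_svg(text):
    """Return a sorted list of findings for one SVG document passed as a string."""
    if "<!ENTITY" in text.upper():
        return ["entity-declaration"]      # refuse to expand entities in untrusted XML
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["unparseable"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add("active-element:" + tag)
        if BASE64_RUN.search(el.text or ""):
            findings.add("large-base64-blob")
        for attr, value in el.attrib.items():
            name, val = local(attr).lower(), value.strip().lower()
            if name.startswith("on"):      # onload, onclick, ... run script on render
                findings.add("event-handler:" + name)
            if name == "href" and val.startswith("javascript:"):
                findings.add("javascript-uri")
            if name == "href" and val.startswith("data:") and not val.startswith("data:image/"):
                findings.add("non-image-data-uri")
    return sorted(findings)

# Constructed samples: a plain drawing, and a file with script plus an inert filler blob.
BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SUSPICIOUS = ('<svg xmlns="http://www.w3.org/2000/svg" onload="run()">'
              '<script><![CDATA[var blob = "' + "QUJD" * 200 + '";]]></script></svg>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_svg(doc))
```

Any finding is a reason to quarantine the file or serve it as a download rather than render it; an empty list only means none of these specific heuristics matched.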

By following these tips, you can help to protect yourself from the growing threat of SVG malware. 
