
Cybercriminals Up Their Game with SVG Phishing Attacks

SVG files are the new phishing weapon. Users and organizations must stay vigilant to combat these evolving attacks.



Cybercriminals have been employing novel phishing tactics, including the use of QR codes and the exploitation of email protection service configurations. A worrying trend has emerged since late 2024, with an increase in malicious SVG file attachments since mid-January 2025.

SVG files, which can contain active web content, are being used to disguise malicious links as graphics. Attackers are exploiting this feature to bypass conventional endpoint and mail protection tools. Phishing sites mimic legitimate login dialogs and use Cloudflare CAPTCHA to capture credentials. CERT.at has documented this increased use of SVG files by cybercriminals in 2025, warning about a significant rise in such phishing campaigns.
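A mail-gateway style check for the active content described above, as an added example that is not from the original article or from CERT.at: it parses an SVG attachment and reports script-capable elements, event-handler attributes and links that leave the document. The function name, finding labels and both sample files (including the `.invalid` URL) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: an "image" that is really a clickable lure plus a script.
SAMPLE_LURE = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="200">
  <a xlink:href="https://login.example.invalid/session">
    <rect width="400" height="200" fill="#eee"/>
    <text x="40" y="100">Open secure document</text>
  </a>
  <script>/* constructed placeholder */</script>
</svg>"""

SAMPLE_BENIGN = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def triage_svg(data: bytes) -> list[str]:
    """Return findings for one SVG; an empty list means nothing active was seen."""
    # Refuse DTDs and entities before parsing (entity-expansion and XXE tricks).
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active-element:{tag}")
        for name, value in el.attrib.items():
            attr, val = local(name), value.strip().lower()
            if attr.startswith("on"):  # onload, onclick, ...
                findings.append(f"event-handler:{attr}")
            elif attr in URL_ATTRS and not val.startswith("#"):
                findings.append(f"external-link:{tag}")
    return findings
```

Any non-empty result is a reason to quarantine or strip the attachment rather than deliver it for rendering in a browser.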

Attackers are becoming more sophisticated, using various subject lines and lures, impersonating well-known brands, and targeting different languages based on the recipient's top-level domain. SVG files can impersonate multiple entities, making phishing attacks harder to detect. Even multi-factor authentication (MFA) protections are being bypassed during these campaigns.

The rise in malicious SVG file attachments and the use of novel phishing tactics pose significant threats to cybersecurity. Users and organizations must remain vigilant, stay informed about the latest trends, and ensure their security measures are up to date to combat these evolving attacks.
