Cybercriminals are doubling their ingenuity to bypass software defenses and fly under the radar. Their latest find? Send attachments in a specific format…

Cybercriminals are doubling their ingenuity to bypass software defenses and

Cybercriminals are doubling their ingenuity to bypass software defenses and fly under the radar. Their latest find? Send attachments in a specific format…

Scammers are constantly doubling their ingenuity to trick you with their phishing campaigns. You must now be wary of each message received, whether by email or SMS, especially if it contains a link or a file. We keep repeating this, but never click on the links embedded in the messages, because there is a good chance that they will take you to a fraudulent site. The same goes for files, which can contain malware responsible for infecting your device.

For the latter, it’s a little different. You might be tempted to rely on your antivirus, which is responsible for scanning messages and files received in order to detect possible threats. But this is a poor understanding of cybercriminals, who are doubling their ingenuity to circumvent software defenses and go under the radar.

For a long time, hackers were content to infect machines by attaching simple .PNG and .JPG images. However, they have renewed their methods and are now using an unexpected file format, SVG, alert our colleagues at Bleeping Computer.

This SVG attachment is actually a phishing form © Bleeping Computer

Acronym of Scalable Vector Graphics, This file type is usually used for vector graphics. Unlike JPEG or PNG files, which are made up of pixels, SVG files contain textual code that “describes” the image. This allows them to adapt to any screen definition, which is handy for use in browser applications, which may have different resolutions.

However, because they can embed HTML or JavaScript code, cybercriminals have found a way to use them to execute malicious scripts. This allows them to create SVG attachments that not only display images, but can downright impersonate an interactive website, such as, on the off chance, fake login pages meant to steal credentials or fake Excel forms, to retrieve a whole bunch of personal information.

But SVG files also allow malware to be distributed. For example, hackers can trick you into downloading a fake document, while running a script to install malware. The problem is that they often go unnoticed by antivirus programs because they are seen as simple textual representations.

Be careful, receiving an SVG attachment is not common for legitimate emails and should be immediately treated with suspicion. Unless you are a developer and expect to receive these types of attachments, it is safest to delete all emails containing them.

ccn5