
VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia's judicial system and distribute malware.
VirusTotal discovered this campaign after it added support for SVGs to its AI Code Insight platform.
VirusTotal's AI Code Insight feature analyzes uploaded file samples using machine learning to generate summaries of suspicious or malicious behavior found in the files.
After adding support for SVGs, VirusTotal received an SVG file that had zero detections by antivirus scans, but which its AI-powered Code Insight feature detected as using JavaScript to display HTML impersonating a portal for Colombia's government judicial system.

Source: VirusTotal
SVG, or Scalable Vector Graphics, files are used to generate images of lines, shapes and text through mathematical formulas in the file.
However, threat actors have rapidly started using SVG files in attacks, as they can also be used to display HTML.
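
A defensive triage check for the SVG capability described above, as an added example that is not from VirusTotal or the original article: it parses an SVG and reports script elements, event-handler attributes, embedded HTML and script-scheme links. The sample files, function names and finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Added example: samples, function names and finding labels are constructed, not campaign data.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
ACTIVE_SVG = '''<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script>/* placeholder */</script>
  <foreignObject width="100" height="100">
    <div xmlns="http://www.w3.org/1999/xhtml">portal markup placeholder</div>
  </foreignObject>
  <a xlink:href="javascript:void(0)"><rect width="10" height="10"/></a>
</svg>'''

XHTML_NS = "http://www.w3.org/1999/xhtml"
URL_ATTRS = {"href", "src"}
RISKY_SCHEMES = ("javascript:", "data:text/html")


def split_tag(name):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    return tuple(name[1:].split("}", 1)) if name.startswith("{") else ("", name)


def find_active_content(svg_text):
    """Return a sorted list of findings describing script-capable content in an SVG."""
    if "<!DOCTYPE" in svg_text.upper() or "<!ENTITY" in svg_text.upper():
        return ["doctype-or-entity"]  # refuse to parse; entity tricks are out of scope here
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return ["unparseable"]
    findings = set()
    for el in root.iter():
        ns, local = split_tag(el.tag)
        if local.lower() == "script":
            findings.add("script-element")
        if local == "foreignObject":
            findings.add("foreignObject")
        if ns == XHTML_NS:
            findings.add("embedded-html")
        for attr, value in el.attrib.items():
            _, attr_local = split_tag(attr)
            if attr_local.lower().startswith("on"):
                findings.add("event-handler:" + attr_local.lower())
            compact = "".join(value.split()).lower()  # drop whitespace used to hide the scheme
            if attr_local.lower() in URL_ATTRS and compact.startswith(RISKY_SCHEMES):
                findings.add("risky-url:" + attr_local.lower())
    return sorted(findings)
```

A plain image returns an empty list, so any finding on an SVG received as an e-mail attachment or download is a reason to open it in a text editor before rendering it in a browser.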
In the campaign discovered by VirusTotal, SVG image files are used to render fake portals that display a phony download progress bar, eventually prompting the user to download a password-protected zip archive (VirusTotal). The password for this file is displayed in the fake portal page.
“As shown in the screenshot below, the fake portal is exactly as described, following an official government document download process,” VirusTotal explains.
“The phishing site includes case numbers, security tokens and visual cues to create trust, all of which are crafted within an SVG file.”

Source: VirusTotal
BleepingComputer found that the extracted archive contains four files: a legitimate executable from the Comodo Dragon web browser, renamed to look like an official judicial document, a malicious DLL (VirusTotal), and what appear to be two encrypted files.

Source: BleepingComputer
If the user opens the executable, the malicious DLL will be sideloaded to install further malware on the system.
After detecting this initial SVG, VirusTotal identified 523 previously uploaded SVG files that were part of the same campaign, but were detected by security software.
AI Code Insight, together with its new SVG support, was important in highlighting this particular campaign, and VirusTotal said that the use of AI makes it easier to identify new malicious campaigns.
“This is where Code Insight helps the most: providing context, saving time, and helping focus on what really matters. It is not magic, and it will not replace expert analysis, but it is another tool to cut through the noise and get to the point faster,” VirusTotal concludes.


