Malware found hidden in image files, can dodge antivirus detection entirely — VirusTotal discovers undetected SVG phishing campaign

A recent report from VirusTotal reveals a sophisticated phishing campaign that used weaponized SVG files to deliver malware, spoof a government agency, and evade antivirus detection entirely. The SVG files contained active code that, when opened, displayed a fake web portal leading to the download of malicious files. This attack leveraged the ability of SVGs to support embedded HTML and JavaScript, allowing them to act as full phishing kits. The campaign included 44 previously undetected phishing SVGs, highlighting the evolving tactics of hackers. Security experts warn users to be cautious with unknown SVG files, as they can be used as a powerful delivery vector for malware.