Phishing in Plain Sight: Malicious SVG Files Impersonate Colombia’s Judiciary to Spread Malware

VirusTotal’s AI-enhanced detection revealed an SVG-based phishing campaign that slipped past traditional antivirus tools by disguising malicious portals as official judicial sites.

CSBadmin

VirusTotal has uncovered a sophisticated phishing campaign that leverages SVG (Scalable Vector Graphics) files to mimic the Colombian judicial system and distribute malware. This discovery came shortly after VirusTotal’s AI Code Insight tool began analyzing SVG files, enabling the platform to identify threats that had previously evaded detection.

The malicious SVG file used JavaScript embedded within <foreignObject> tags to display convincing HTML content mimicking an official judiciary portal. This fake portal showed a fabricated case number, security token, and download progress bar to build user trust and prompt them to download a password-protected ZIP file. The password was conveniently displayed on the portal, further luring victims into believing in the site’s legitimacy.

Source: blog.virustotal.com.

Upon extraction, the ZIP archive contained four files: a legitimate Comodo Dragon browser executable renamed to resemble a judicial document, a malicious DLL, and two encrypted files. When the executable is launched, it sideloads the DLL to install additional malware—effectively compromising the user’s system.

The initial SVG sample had zero detections from antivirus engines, highlighting the stealthiness of this attack vector. Following its discovery, VirusTotal found over 500 related SVG files previously uploaded to its platform that had also gone undetected, all part of the same coordinated campaign.

This incident underscores a growing trend: attackers are exploiting less commonly scrutinized file types, like SVGs, to bypass defenses. The integration of SVG support into VirusTotal’s AI Code Insight proved crucial in surfacing this hidden threat, showcasing the value of AI in cybersecurity analysis.

As cybercriminals evolve their tactics, leveraging obscure formats and evading traditional detection methods, defenders must adapt accordingly. Security professionals should consider updating their scanning protocols to include SVG analysis and continue investing in AI-assisted tools that add crucial context and visibilit
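As an added illustration of what SVG analysis in a scanning pipeline can look like (this is not VirusTotal's code or anything from the original report), the Python sketch below flags the active content described above: script elements, `<foreignObject>` blocks, inline event handlers and script or non-image data URLs. The rule names, tag list and both sample documents are assumptions constructed for this example, and the URL check goes slightly beyond the case in the article.

```python
from html.parser import HTMLParser

# Constructed samples (not taken from the campaign): one SVG shaped like the
# lure described above, one ordinary drawing.
SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <foreignObject width="100%" height="100%">
    <div xmlns="http://www.w3.org/1999/xhtml">
      <p>Case number: 0000</p>
      <a href="data:application/zip;base64,AAAA">Download</a>
    </div>
  </foreignObject>
  <script><![CDATA[ function init() {} ]]></script>
</svg>"""
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <image href="data:image/png;base64,AAAA" width="10" height="10"/>
  <circle cx="5" cy="5" r="4" fill="#06c"/>
</svg>"""

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "xlink:href", "src"}
RASTER = ("data:image/png", "data:image/jpeg", "data:image/gif", "data:image/webp")

class SvgScanner(HTMLParser):
    """Collects (rule, location) findings; HTMLParser lowercases names and
    does no DTD entity expansion, so hostile markup is cheap to scan."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # also called for <tag/>
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-element", tag))
        for name, value in attrs:
            url = "".join((value or "").split()).lower()  # drop whitespace
            if name.startswith("on"):
                self.findings.append(("event-handler", f"{tag}@{name}"))
            elif name in URL_ATTRS and (url.startswith("javascript:") or
                    (url.startswith("data:") and not url.startswith(RASTER))):
                self.findings.append(("risky-url", f"{tag}@{name}"))

def scan_svg(text):
    """Return findings for one SVG document given as a string."""
    scanner = SvgScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

if __name__ == "__main__":
    for label, doc in (("suspicious", SUSPICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, scan_svg(doc))
```

A finding here is a triage signal, not a verdict: legitimate SVGs sometimes use `<foreignObject>` for text layout, so a mail or upload gateway would typically quarantine or strip flagged files for review.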
