ArticlesNews & Alerts

Phishing in Plain Sight: Malicious SVG Files Impersonate Colombia’s Judiciary to Spread Malware

VirusTotal’s AI-enhanced detection revealed an SVG-based phishing campaign that slipped past traditional antivirus tools by disguising malicious portals as official judicial sites.

CSBadmin
CSBadmin
2 Min Read

VirusTotal has uncovered a sophisticated phishing campaign that leverages SVG (Scalable Vector Graphics) files to mimic the Colombian judicial system and distribute malware. This discovery came shortly after VirusTotal’s AI Code Insight tool began analyzing SVG files, enabling the platform to identify threats that had previously evaded detection.

The malicious SVG file used JavaScript embedded within <foreignObject> tags to display convincing HTML content mimicking an official judiciary portal. This fake portal showed a fabricated case number, security token, and download progress bar to build user trust and prompt them to download a password-protected ZIP file. The password was conveniently displayed on the portal, further luring victims into believing in the site’s legitimacy.

Source: blog.virustotal.com.

Upon extraction, the ZIP archive contained four files: a legitimate Comodo Dragon browser executable renamed to resemble a judicial document, a malicious DLL, and two encrypted files. When the executable is launched, it sideloads the DLL to install additional malware—effectively compromising the user’s system.

The initial SVG sample had zero detections from antivirus engines, highlighting the stealthiness of this attack vector. Following its discovery, VirusTotal found over 500 related SVG files previously uploaded to its platform that had also gone undetected, all part of the same coordinated campaign.

This incident underscores a growing trend: attackers are exploiting less commonly scrutinized file types, like SVGs, to bypass defenses. The integration of SVG support into VirusTotal’s AI Code Insight proved crucial in surfacing this hidden threat, showcasing the value of AI in cybersecurity analysis.

As cybercriminals evolve their tactics, leveraging obscure formats and evading traditional detection methods, defenders must adapt accordingly. Security professionals should consider updating their scanning protocols to include SVG analysis and continue investing in AI-assisted tools that add crucial context and visibilit

CSBadmin

The latest in cybersecurity news and updates.

SOURCES:blog.virustotal.com
Share This Article
ByCSBadmin
Follow:
The latest in cybersecurity news and updates.
Previous Article Nx ‘s1ngularity’ NPM Attack Exposes Thousands of Secrets via AI-Powered Credential Theft
Next Article Scammers Exploit Apple iCloud Calendar to Deliver Callback Phishing Emails
Leave a Comment

Trending

Related Stories

CSBadmin

Plex Urges Password Resets After Latest Data Breach Exposes User Credentials

CSBadmin

Cyber on Wheels Top Threats Undermining the Future of Connected Vehicles

CSBadmin

TransUnion Breach Exposes Data of 4.4 Million Americans in Salesforce Attack

CSBadmin

Cybercriminals Exploit X’s Grok AI to Spread Malicious Links in New “Grokking” Campaign