The campaign was discovered after adding SVG support to the AI code Insight platform using machine learning, analyzing files and revealing suspicious or harmful behaviors.
Malicious SVG files seem to be ordinary images, but use HTML and JavaScript to create a false portal, an indicator of loading documents. Users are encouraged to download the archive protected with the password displayed on the portal page.
There are several files in the archive: re -name can be executed to execute Comodo Dragon scanner file, malicious DLL and two encrypted files. When starting the executable file, DLL sets additional malware on the user’s computer. After identifying the first virustotal file, I found 523 SVG files previously installed by users who were previously part of the same campaign and were not detected by antiviruses.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
