Key Points
What you'll learn in this notification
- Campaign using Scalable Vector Graphics (SVG) with JavaScript redirects
- Users are redirected to credential harvesting pages or download malware
Rikesh Vekaria, Marcin Ulikowski, and the Mimecast threat researchers have recently identified several campaigns utilising Scalable Vector Graphics (SVG) attachments in credential phishing attacks. SVG is an XML-based image format that supports embedded JavaScript. This allows for things such as interactivity & animations, event handlers and DOM manipulation using embedded scripts. Threat actors are utilising SVG capabilities to embed malicious JavaScript in files attached to emails which when opened, execute and redirect users to phishing sites or potentially download malware.
Please click here to read the entire article.
We welcome your questions; please ask them by posting a comment below.
Dimakatso Makinta
