Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects
A new phishing campaign leveraging SVG files to deliver JavaScript-based redirect attacks has been uncovered by cybersecurity researchers.
The attack utilizes seemingly benign image files to conceal obfuscated script logic that redirects users to malicious domains without requiring the download of files or user interaction.
According to a new advisory published by Ontinue today, unlike traditional phishing methods that drop executables or use macro-laden documents, this campaign embeds JavaScript into the section of an SVG file.
Once opened in a browser, the code decrypts a secondary payload using a static XOR key and then redirects the user to an attacker-controlled site by setting the window.location.href property. These URLs often include Base64-encoded strings for victim tracking.
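A defensive check for the technique described above, as an added example that is not from Ontinue's advisory or the article: a Python scanner that a mail or web gateway could run over SVG attachments to flag script elements, event-handler attributes, and the XOR-decode and redirect pattern. The pattern labels, the scan_svg function and the sample file are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Heuristics chosen for this example (assumptions, not indicators from the advisory).
PATTERNS = {
    "redirect-sink": re.compile(r"(?:window|top|self|document)\s*\.\s*location|location\s*\.\s*(?:href|replace|assign)"),
    "xor-decode": re.compile(r"charCodeAt\s*\([^)]*\)\s*\^"),
    "base64-call": re.compile(r"\b(?:atob|btoa)\s*\("),
}

class SvgScriptScanner(HTMLParser):
    """Tolerant tag scanner: expands no XML entities and survives malformed markup."""
    def __init__(self):
        super().__init__()
        self.findings = set()
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.add("script-element")
            self.in_script = True
        for name, value in attrs:
            if name.startswith("on"):                 # onload, onclick, ...
                self.findings.add("event-handler:" + name)
                self.scan(value or "")
            elif name.endswith("href") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.add("javascript-uri")   # covers href and xlink:href

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:                            # the CDATA body arrives here as raw text
            self.scan(data)

    def scan(self, text):
        self.findings.update(k for k, rx in PATTERNS.items() if rx.search(text))

def scan_svg(data: bytes) -> list[str]:
    # Returns sorted finding labels; an empty list means nothing scriptable was seen.
    scanner = SvgScriptScanner()
    scanner.feed(data.decode("utf-8", errors="replace"))
    scanner.close()
    return sorted(scanner.findings)

# Constructed sample: an inert fragment (blob, key, i, u and id are undefined placeholders).
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg"><script><![CDATA[
u += String.fromCharCode(blob.charCodeAt(i) ^ key.charCodeAt(i % key.length));
window.location.href = u + btoa(id);
]]></script></svg>"""
```

Any finding on an SVG that arrives as an e-mail attachment is worth quarantining, since a static image has no need for script at all.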
To read the complete article see: InfoSecurity Magazine
See more here: Ontinue