SVG Smuggling - Image Embedded JavaScript Redirect Attacks
Threat actors are increasingly using Scalable Vector Graphics (SVG) files to deliver JavaScript-based redirect attacks. These SVGs contain embedded, obfuscated JavaScript that initiates browser redirects to attacker-controlled infrastructure. The campaign uses email spoofing and impersonation to deliver the SVGs, bypassing traditional file-based detection. The embedded code uses XOR encryption and reconstructs the redirect command at runtime. The attack targets B2B Service Providers, including those handling corporate financial and employee data. Mitigation strategies include implementing DMARC policies, blocking SVG attachments, and enhancing email security measures. The campaign demonstrates a shift towards smuggling techniques that avoid triggering traditional security alerts.
Pulse ID: 6878f6e6ce9d5286edc46238
Pulse Link: https://otx.alienvault.com/pulse/6878f6e6ce9d5286edc46238
Pulse Author: AlienVault
Created: 2025-07-17 13:13:10
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
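A defensive check for the delivery method summarized above, as an added example that is not part of the original pulse: a mail-gateway style scan that flags SVG attachments carrying active content. The sample documents, function names, and the quarantine/deliver policy are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the campaign described above).
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
SUSPECT_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
    b'<script type="text/javascript"><![CDATA[/* placeholder body */]]></script>'
    b'<a href="javascript:void(0)"><rect width="1" height="1"/></a>'
    b'</svg>'
)

# Elements that can run or host script when the SVG is opened in a browser.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}  # xlink:href also reduces to "href" below
SCRIPT_URL = re.compile(r"^\s*(javascript:|vbscript:|data:text/html)", re.I)

def local(name):
    """Strip the '{namespace}' prefix ElementTree adds and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data):
    """Return a list of findings for one SVG attachment (bytes); empty means static."""
    if b"<!ENTITY" in data.upper():
        return ["entity-declaration"]      # do not expand entities from untrusted mail
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]         # malformed markup is treated as suspect
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"element:{tag}")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):      # onload, onclick, onbegin, ...
                findings.append(f"handler:{tag}@{attr}")
            elif attr in URL_ATTRS and SCRIPT_URL.match(value):
                findings.append(f"script-url:{tag}@{attr}")
    return findings

def verdict(data):
    """Assumed policy: any finding quarantines the message, otherwise deliver."""
    return "quarantine" if scan_svg(data) else "deliver"

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, verdict(doc), scan_svg(doc))
```

The check is structural, so it fires on the presence of script-capable markup regardless of how the script body is obfuscated.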