VirusTotal Detects Phishing Campaign Hiding Malware in SVG Files

327/68 Monday, September 8, 2025

VirusTotal has identified a new phishing campaign that hides within SVG (Scalable Vector Graphics) files, embedding malware inside a fake portal that impersonates the Colombian judicial system. The attack was uncovered after VirusTotal enhanced its AI Code Insight platform to analyze SVG files, using machine learning to summarize suspicious behaviors in uploaded samples.

The discovered SVG files were able to bypass traditional antivirus detection, but VirusTotal’s AI flagged the use of JavaScript to render a fake HTML page. This spoofed portal tricked victims into believing they were downloading official legal documents, complete with credibility markers such as case numbers, security tokens, and download progress bars. When users complied and downloaded the provided password-protected ZIP file, they received a package containing a legitimate Comodo Dragon browser executable renamed as a court document, alongside a malicious DLL and additional encrypted files. Once executed, the program loaded the DLL into the system and deployed further malware.

VirusTotal further reported that after detecting the first malicious SVG, the system retrospectively identified over 523 similar SVG files that had previously been uploaded but went undetected. This incident highlights the growing abuse of SVG files in cyberattacks, exploiting their ability to embed HTML and JavaScript. By extending AI Code Insight to support SVG analysis, VirusTotal can now expose such phishing campaigns more effectively, enabling security analysts to better understand the threat landscape and protect users before they fall victim.

Source: https://www.bleepingcomputer.com/news/security/virustotal-finds-hidden-malware-phishing-campaign-in-svg-files/