Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems
2022-12-15 06:02

Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments.

The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags.

HTML smuggling is a technique that relies on legitimate features of HTML and JavaScript to run encoded malicious code contained within the lure attachment and assemble the payload on the victim's machine, as opposed to making an HTTP request to fetch the malware from a remote server.

The attack chain spotted by the cybersecurity company involves JavaScript that's smuggled inside the SVG image and executed when the unsuspecting email recipient launches the HTML attachment.

"When the victim opens the HTML attachment from the email, the smuggled JavaScript code inside the SVG image springs into action, creating a malicious ZIP archive and then presenting the user with a dialog box to save the file," researchers Adam Katz and Jaeson Schultz said.

The ZIP archive is also password-protected, requiring users to enter a password that's displayed in the HTML attachment, following which an ISO image is extracted to run the Qakbot trojan.
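
A defender-side illustration of the delivery format described above, added here and not taken from Cisco Talos or the original article: a Python check that parses an HTML attachment and flags `<script>` elements inside inline `<svg>` or inside SVG images carried as `data:image/svg+xml` URIs. The function names, finding labels and sample attachment (with an inert script body) are constructed for this example; the page does not say which HTML tag carried the encoded SVG, so every attribute is checked.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

DATA_SVG = re.compile(r"^data:image/svg\+xml((?:;[^,]*)?),(.*)$", re.I | re.S)
SCRIPT_TAG = re.compile(rb"<\s*script\b", re.I)

def decode_svg_data_uri(value):
    """Return decoded bytes of a data:image/svg+xml URI, or None if not one."""
    m = DATA_SVG.match(value.strip())
    if not m:
        return None
    params, payload = m.groups()
    if ";base64" not in params.lower():
        return unquote_to_bytes(payload)          # percent-encoded form
    try:
        return base64.b64decode(re.sub(r"\s+", "", payload))
    except ValueError:                            # malformed base64
        return b""

class SvgScriptFinder(HTMLParser):
    """Flags <script> inside inline <svg> or inside an SVG carried in a data URI."""
    def __init__(self):
        super().__init__()
        self.findings, self.svg_depth = [], 0
    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]                   # line where the tag starts
        if tag == "svg":
            self.svg_depth += 1
        elif tag == "script" and self.svg_depth:
            self.findings.append(("inline SVG with script", line))
        for name, value in attrs:                 # any attribute may carry the URI
            svg = decode_svg_data_uri(value or "")
            if svg and SCRIPT_TAG.search(svg):
                self.findings.append((f"{tag}[{name}] data-URI SVG with script", line))
    def handle_endtag(self, tag):
        if tag == "svg" and self.svg_depth:
            self.svg_depth -= 1

def scan_html_attachment(html_text):
    finder = SvgScriptFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

# Constructed sample: the script body is an inert comment; the tag is arbitrary.
_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* inert */</script></svg>'
SAMPLE_FLAGGED = ("<html><body>\n<p>constructed</p>\n<embed src='data:image/svg+xml;base64,"
                  + base64.b64encode(_SVG).decode() + "'></body></html>")
```

`scan_html_attachment(SAMPLE_FLAGGED)` returns a list of `(label, line_number)` findings; an empty list means no script-bearing SVG was found in the attachment.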


News URL

https://thehackernews.com/2022/12/hacking-using-svg-files-to-smuggle-qbot.html