Security News > 2023 > January > New 'Blank Image' attack hides phishing scripts in SVG files
An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents.
Security researchers at email security provider Avanan named it "Blank Image." They explain that the attack allows phishing actors to evade detection of redirect URLs.
HTML files are popular among phishing actors because they are typically ignored by email security products and thus have higher chances of reaching the target's inbox.
The HTML file contains an SVG image encoded using the Base64 encoding format with an embedded JavaScript code that redirects the victim automatically to the malicious URL. The SVG image does not contain any graphics or shapes, so it renders nothing on the screen.
It's worth noting that the use of SVG files inside HTML containing base64-obfuscated code isn't new.
When an HTML document displays an SVG image through an or tag, the image is displayed and the JavaScript inside it executes.
News URL
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)
- Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation (source)
- CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users (source)