SVG Smuggling - Image Embedded JavaScript Redirect Attacks
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Threat actors are increasingly using Scalable Vector Graphics (SVG) files to deliver JavaScript-based redirect attacks. These SVGs contain embedded, obfuscated JavaScript that initiates browser redirects to attacker-controlled infrastructure. The campaign uses email spoofing and impersonation to deliver the SVGs, bypassing traditional file-based detection. The embedded code uses XOR encryption and reconstructs the redirect command at runtime. The attack targets B2B Service Providers, including those handling corporate financial and employee data. Mitigation strategies include implementing DMARC policies, blocking SVG attachments, and enhancing email security measures. The campaign demonstrates a shift towards smuggling techniques that avoid triggering traditional security alerts.
OPENCTI LABELS:
phishing, obfuscation, javascript, email spoofing, svg, xor encryption, redirect
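
One way a mail gateway or triage script could flag SVG attachments that carry the kind of active content described in the summary. This is an added example, not code from the original report; the function names, tag list and sample files are constructed assumptions, and the checks are heuristics rather than a complete SVG sanitizer.

```python
import xml.etree.ElementTree as ET  # for untrusted mail, a hardened parser such as defusedxml is preferable

# Elements that can run or host script inside an SVG (heuristic list, an assumption).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

def local(name: str) -> str:
    """Drop the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> list[str]:
    """Return the reasons an SVG attachment should not be delivered as-is."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]  # fail closed on malformed input
    findings = []
    if local(root.tag) != "svg":
        findings.append("root element is not <svg>")
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active element <{tag}>")
        for attr, value in el.attrib.items():
            name = local(attr)
            compact = "".join(value.split()).lower()  # ignore case and whitespace padding
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in ("href", "src") and compact.startswith(SCRIPT_SCHEMES):
                findings.append(f"script URL in {name} on <{tag}>")
    return findings

# Constructed samples: a plain image, and an inert file with the same structure
# as a script-bearing SVG (the script body is an empty placeholder).
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
SCRIPTED_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script><![CDATA[/* placeholder */]]></script>
  <a xlink:href="JavaScript:void(0)"><rect width="10" height="10"/></a>
</svg>"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SVG), ("scripted", SCRIPTED_SVG)):
        hits = scan_svg(sample)
        print(label, "QUARANTINE" if hits else "deliver", hits)
```

Because the check looks at document structure and not at the script text, it does not depend on how the embedded code is obfuscated; a hit is a signal to quarantine or strip the attachment alongside the DMARC and attachment-blocking controls named in the summary.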