Edward Kiledjian's Threat Intel

VirusTotal finds hidden malware phishing campaign in SVG files www.bleepingcomputer.com/news/secu…

VirusTotal found an SVG file that had zero detections by antivirus scans, but which its AI-powered Code Insight feature detected as using JavaScript to display HTML impersonating a portal for Colombia’s government judiciary system.

[T]hreat actors have begun increasingly using SVG files in attacks, as they can also be used to display HTML using the <foreignObject> element and execute JavaScript when the graphic is loaded.

In the campaign discovered by VirusTotal, SVG image files are used to render fake portals that display a phony download progress bar, ultimately prompting the user to download a password-protected zip archive. The password for this file is displayed in the fake portal page.