Hackers Exploit SVG Files For Stealthier Phishing Attacks - 1

Image by DC Studio, from Freepik

Hackers Exploit SVG Files For Stealthier Phishing Attacks

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Hackers exploit SVG files in phishing emails, embedding fake forms or malware links. These files evade detection by security software, making rare SVG attachments suspicious and potentially dangerous.

In a Rush? Here are the Quick Facts!

  • SVG files can include phishing forms to steal login credentials from unsuspecting users.
  • Some SVG attachments disguise malware links as official documents or requests.
  • Security software often struggles to detect malicious SVG files due to their text-based nature.

According to a report by BleepingComputer (BC), MalwareHunterTeam has identified additional threat actors exploiting Scalable Vector Graphics (SVG) attachments to carry out more covert phishing or malware attacks.

The cybersecurity researchers have identified a growing trend among hackers exploiting SVG files to bypass security systems and conduct phishing attacks. These files, which often appear harmless, are being used to deliver malware or trick users into sharing sensitive information, says BC.

BC explains that SVG files differ from typical image formats like JPG or PNG, which use pixels to create images. Instead, SVG files rely on lines, shapes, and text described through code. This allows them to resize without losing quality, making them widely used in web applications.

However, the same qualities that make SVG files versatile also make them attractive to cybercriminals, as noted by BC.

Hackers are embedding SVG files in phishing emails to launch attacks in creative and deceptive ways. Security researcher MalwareHunterTeam, who analyzed recent campaigns, found that some SVG files include phishing forms that mimic legitimate login pages, as reported by BC.

For example, one instance displayed a fake Excel spreadsheet with a login form. When users entered their credentials, the information was sent directly to the attackers.

BC explains that other SVG files are disguised as official documents or forms, encouraging users to click on links that lead to malware downloads. In some cases, opening the SVG file triggers embedded JavaScript, which redirects the user’s browser to a phishing website designed to steal personal information.

These tactics are effective partly because SVG files often evade detection by security software. Since they primarily consist of code representing an image, they can appear harmless to antivirus tools.

According to samples analyzed by BleepingComputer, most SVG attachments flagged as malicious were detected by only one or two security systems.

While receiving an SVG attachment in an email is uncommon for most users, it’s important to exercise caution. Unless you are expecting such a file from a trusted source, such as a developer or designer, it’s best to delete any email containing an SVG attachment.

Remaining vigilant and skeptical of unfamiliar attachments can help protect against these increasingly sophisticated phishing techniques. As attackers continue to refine their methods, staying informed and cautious is critical to avoiding potential threats.

HarperCollins Partners With AI Company, Authors Debate Participation - 2

Image by ActuaLitté, from Flickr

HarperCollins Partners With AI Company, Authors Debate Participation

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

HarperCollins partners with an AI company to use nonfiction books for training, offering authors $2,500, allowing them to opt in.

In a Rush? Here are the Quick Facts!

  • The deal aims to improve AI model quality and performance using select nonfiction works.
  • Critics highlight concerns over copyright use and AI’s impact on authors’ livelihoods.
  • Author Daniel Kibblesmith shared details of the offer, sparking industry debate on AI’s role.

HarperCollins, one of the world’s leading publishers, has entered into a partnership with an unnamed artificial intelligence technology company, enabling select nonfiction works to be used for AI model training.

This agreement, confirmed by 404 Media , marks another instance of the publishing industry’s intersection with emerging technologies. The deal permits the limited use of nonfiction backlist titles to enhance AI quality and performance.

Authors have the option to participate or decline, with HarperCollins presenting it as an opportunity for collaboration while emphasizing its commitment to protecting authors’ rights. The one-time payment for participation has been set at $2,500, as reported by 404 Media.

By allowing authors to decide whether to opt in, the company attempts to address differing views on AI’s role in the creative process. However, the limited payment and the use of copyrighted materials have reignited industry debates about AI’s impact on intellectual property and creative labor.

Author Daniel Kibblesmith, known for his children’s book Santa’s Husband, shared details of the offer through Bluesky.

Abominable. [image or embed] — Daniel Kibblesmith ( @kibblesmith.com ) 15 November 2024 at 16:36

He revealed communication from his agent describing the AI deal, which included an explanation of its purpose in training AI models while compensating authors.

The message also acknowledged controversies surrounding the use of copyrighted content in generative AI development, particularly when such use occurs without proper recognition or compensation.

In a statement to The A.V. Club , Kibblesmith wrote that, “It seems like they think they’re cooked, and they’re chasing short money while they can. I disagree. The fear of robots replacing authors is a false binary.”

“I see it as the beginning of two diverging markets, readers who want to connect with other humans across time and space, or readers who are satisfied with a customized on-demand content pellet fed to them by the big computer so they never have to be challenged again,” Kibblesmith added.

The deal underscores the growing tension between technological advancement and the preservation of traditional creative industries. As AI continues to shape the future of publishing, debates about the fair use of intellectual property and the role of human creativity are likely to intensify.