A recent cybersecurity report from VirusTotal, a leading online malware detection and analysis platform, reveals a sophisticated malware campaign delivered through seemingly harmless SVG files. The files combined phishing techniques with malware delivery in a way that evaded traditional antivirus detection.
Even long after Adobe discontinued Flash support, SWF files continue to circulate and sometimes carry malicious payloads. VirusTotal received 47,812 unique SWF submissions, with 466 flagged by antivirus engines. Meanwhile, SVG files, a modern and web-friendly graphics type, remain popular. VirusTotal logged 140,803 unique SVG files in the same period, with roughly 1% of scanned submissions showing signs of malicious behavior.
Advanced Detection
Using VirusTotal Intelligence, analysts connected dozens of related SVG samples, all avoiding detection by standard antivirus tools but flagged by Code Insight’s AI. Attackers masked their code with obfuscation, polymorphism, and dummy data, though consistent Spanish-language comments in the code allowed for signature-based detection. The analysis identified a campaign in which SVG files, distributed primarily as malicious email attachments, embedded JavaScript to present a convincing phishing site mimicking Colombian government offices; fake progress bars and security tokens then tricked users into downloading malware.
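A static triage check for the kind of active content described above, added here as an example; it is not VirusTotal's or Code Insight's code. It parses an SVG with Python's standard XML parser and flags embedded <script> elements, inline event handlers, javascript: URIs, HTML smuggled through <foreignObject>, and, echoing the signature clue from the report, script comments that look Spanish. The two sample SVGs and the small Spanish word list are constructed for this example, and the sample script body is inert.

```python
"""Static triage of SVG files for embedded active content (added example)."""
import re
import xml.etree.ElementTree as ET  # for untrusted input in production, prefer defusedxml
from dataclasses import dataclass, field

# Constructed hint list: common Spanish words that would not normally appear in
# English-language code comments. A real signature would use the campaign's strings.
SPANISH_HINTS = {"que", "para", "archivo", "cargando", "descargar", "ejemplo",
                 "comentario", "datos", "usuario", "seguridad", "el", "la"}


@dataclass
class Finding:
    indicator: str
    detail: str


@dataclass
class TriageResult:
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def _comment_language_hits(script_body: str) -> set:
    """Return Spanish hint words found inside // and /* */ comments of a script."""
    comments = re.findall(r"//[^\n]*|/\*.*?\*/", script_body, re.S)
    words = re.findall(r"[a-záéíóúñ]+", " ".join(comments).lower())
    return set(words) & SPANISH_HINTS


def triage_svg(data: bytes) -> TriageResult:
    """Walk every element of the SVG and record indicators of active content."""
    result = TriageResult()
    try:
        root = ET.fromstring(data.strip())
    except ET.ParseError as exc:
        # Malformed XML is itself worth a look: renderers are often more lenient than parsers.
        result.findings.append(Finding("parse-error", str(exc)))
        return result

    for elem in root.iter():
        name = _local(elem.tag).lower()
        if name == "script":
            body = (elem.text or "").strip()
            result.findings.append(Finding("script-element", f"{len(body)} bytes of inline script"))
            if re.search(r"[A-Za-z0-9+/]{200,}={0,2}", body):
                result.findings.append(Finding("base64-blob", "long base64-like run inside script"))
            hits = _comment_language_hits(body)
            if hits:
                result.findings.append(Finding("spanish-comment", ", ".join(sorted(hits))))
        if name == "foreignobject":
            result.findings.append(Finding("foreign-object", "HTML content embedded in SVG"))
        for attr, value in elem.attrib.items():
            a = _local(attr).lower()
            if a.startswith("on"):  # onload, onclick, onerror, ...
                result.findings.append(Finding("event-handler", f"{a} on <{name}>"))
            if value.strip().lower().startswith("javascript:"):
                result.findings.append(Finding("javascript-uri", f"{a} on <{name}>"))
            if a == "href" and name in ("script", "image", "use") \
                    and value.lower().startswith(("http://", "https://")):
                result.findings.append(Finding("remote-reference", f"<{name}> loads {value}"))
    return result


def indicators(data: bytes) -> set:
    """Convenience view: the distinct indicator names raised for a file."""
    return {f.indicator for f in triage_svg(data).findings}


# Constructed samples: a plain drawing, and one carrying the active-content patterns.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">' \
             b'<circle cx="5" cy="5" r="4" fill="red"/></svg>'

SUSPICIOUS_SVG = b"""
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script><![CDATA[
    // comentario de ejemplo (constructed placeholder, inert)
    function init() { var x = 1; }
  ]]></script>
  <foreignObject width="100" height="100">
    <div xmlns="http://www.w3.org/1999/xhtml">Cargando...</div>
  </foreignObject>
  <a xlink:href="javascript:void(0)"><text>click</text></a>
</svg>
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        res = triage_svg(sample)
        print(f"{label}: suspicious={res.suspicious}")
        for f in res.findings:
            print(f"  {f.indicator}: {f.detail}")
```

Any one indicator is a reason to look closer rather than a verdict: legitimate SVGs occasionally carry scripts, so in practice this sits in front of sandboxing or a Code Insight-style review, where the goal is to route the few hundred interesting files out of a large stream quickly.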
Code Insight also leverages AI to analyze compiled SWF (Flash) binaries, distinguishing legitimate uses, such as encrypted Flash games, from actual threats.
Traditional detection tools often miss threats hidden in common file types, but AI-assisted malware analysis platforms like VirusTotal’s Code Insight provide rapid, natural language summaries of code behavior. These insights streamline analyst workloads and help focus attention on critical threats.
While not a complete substitute for expert human analysis, AI can be an invaluable tool in defending against ever more complex and stealthy cyberattacks.
Learn more about VirusTotal’s report and findings in the post on their official security blog.