Hackers Weaponize SVG Files and Office Documents to Target Windows Users

Brownie2019

Mar 9, 2019
Cybersecurity researchers have uncovered a sophisticated email campaign deploying a commodity loader to distribute Remote Access Trojans and information stealers.
The operation primarily targets manufacturing and government organizations across Italy, Finland, and Saudi Arabia, using highly evasive techniques.
Multi-Vector Attack Strategy
The campaign employs multiple infection methods to compromise Windows systems. Threat actors are distributing weaponized Microsoft Office documents that exploit CVE-2017-11882, a critical memory corruption vulnerability in the Equation Editor component.
Additionally, attackers leverage malicious SVG files and ZIP archives containing LNK shortcuts, all converging on a unified commodity loader infrastructure.
Full Story:
 
To avoid the SVG redirections, it is sufficient not to open them in the web browser.
This can be done in many ways, for example:
  • by associating SVG files with Notepad (or any non-browser application),
  • using the right-click Explorer context menu "Open with" and choosing a non-browser application,
  • converting the file to another file format that is not associated with a web browser.
The SVG redirections can also be blocked by website blocklisting services (like SmartScreen).
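A triage check a defender can run over quarantined SVG attachments, added here as an example and not taken from the article or the post above: it parses the SVG and flags the mechanisms that let it redirect or run script when a browser renders it. The sample documents are constructed, and the marker list is generic SVG/HTML behaviour, not indicators from this campaign.

```python
"""Triage scanner for SVG attachments (added example, constructed samples)."""
import re
import xml.etree.ElementTree as ET

# Redirect primitives that only matter when the SVG is rendered by a browser.
REDIRECT_RE = re.compile(
    r"(?i)window\.location|location\.href|location\.replace|http-equiv=['\"]refresh"
)
SCHEME_RE = re.compile(r"(?i)^\s*(javascript:|https?://|data:)")


def local(tag: str) -> str:
    """Strip the XML namespace from an element or attribute name."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def scan_svg(data: bytes) -> list[str]:
    """Return findings for one SVG document; an empty list means nothing suspicious."""
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Browsers are lenient, so a file that does not parse still deserves a look.
        return [f"unparseable XML ({exc}); treat as suspicious"]
    for el in root.iter():
        name = local(el.tag)
        if name == "script":
            findings.append("inline <script> element")
        if name == "foreignObject":
            findings.append("<foreignObject> element (embeds arbitrary HTML)")
        for attr, value in el.attrib.items():
            aname = local(attr)
            if aname.startswith("on"):           # onload, onclick, ...
                findings.append(f"event handler {aname} on <{name}>")
            if aname == "href" and SCHEME_RE.match(value):   # href or xlink:href
                findings.append(f"external or scripted href on <{name}>: {value[:60]}")
    if REDIRECT_RE.search(data.decode("utf-8", "replace")):
        findings.append("redirect primitive in document text")
    return findings


# Constructed samples: a plain drawing and a minimal browser-redirect SVG.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<circle cx="5" cy="5" r="4" fill="red"/></svg>')
REDIRECT_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                b'onload="window.location=\'https://example.invalid/\'">'
                b'<rect width="1" height="1"/></svg>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("redirect", REDIRECT_SVG)):
        print(label, scan_svg(doc) or "clean")
```

Files that produce any finding should stay out of browser-associated handlers, which is exactly what the Notepad association above achieves for everything.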
 