Ddos 
Phishing is no longer just about shady links and poorly worded emails. According to a new report from Kaspersky Labs, threat actors are now embedding HTML and JavaScript code inside SVG files—turning simple images into silent and effective phishing weapons.
SVG is a format that uses XML to describe two-dimensional vector graphics. While commonly used for images, SVG’s XML foundation allows it to support JavaScript and HTML, unlike formats like JPEG or PNG. This flexibility, intended for designers to work with elements like text and interactive content, is now being exploited by attackers.
Attackers are crafting SVG files that contain embedded scripts with links to phishing pages. In a typical scenario, a user receives an email with an SVG attachment. While the email may identify the attachment as an image, opening it in a text editor reveals HTML code.
The report by Kaspersky Labs illustrates this with an example where an SVG file appears as an HTML page with a link to an audio file. Clicking this link redirects the user to a phishing page disguised as Google Voice. This page, designed to steal user credentials, even includes the target company’s logo to appear more legitimate.
In another instance, attackers used an SVG attachment to mimic an e-signature service, employing JavaScript to launch a browser window with a fake Microsoft login form.
Kaspersky’s telemetry data indicates a significant increase in SVG phishing campaigns. “Our telemetry data indicates a significant increase in SVG campaigns during March 2025. We found 2,825 of these emails in just the first quarter of the year,” the report states. This upward trend continued into April, signaling a growing threat.
The report emphasizes the adaptability of phishers: “Phishers are relentlessly exploring new techniques to circumvent detection“. While SVG phishing attacks are currently relatively simple, often involving phishing links or redirection scripts, the potential for more sophisticated attacks is a concern.
The use of SVG as a container for malicious content poses a significant risk. As the report concludes, “The SVG format provides the capability to embed HTML and JavaScript code within images, which is misused by attackers“.
Related Posts:
- SVG Phishing Surge: How Image Files Are Being Weaponized to Steal Credentials
- Sophos Uncovers Rising Threat of SVG-Based Phishing Attacks
- SVG Files: The Emerging Vector of Cyber Threats
- SVG Attacks: How GULoader Malware Sneaks into Your Network
- 90,000 Sites at Risk: Jupiter X Core RCE Vulnerability (CVE-2025-0366)
Donate