Hackers Use SVG Files To Deliver Crypto-Malware
SVG (Scalable Vector Graphics), the XML-based vector image format for
two-dimensional graphics with support for interaction and animation, is
now being used to deliver malware that encrypts your files and holds
them to ransom.
Researchers at AppRiver have
identified a malicious email campaign with zipped SVG files attached to
the messages. These SVG files contain a malicious JavaScript entry
that opens a webpage to download malware.
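As an added example (not from AppRiver or the original article), here is a mail-gateway style check that opens a ZIP attachment and reports every SVG member able to run script when opened in a browser. The function names, the size limit and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MAX_SVG_BYTES = 2 * 1024 * 1024  # skip members that declare a larger size

def local(name):  # drop the XML namespace from a tag or attribute name
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data):
    """List the ways this SVG could run script when a browser opens it."""
    if b"<!ENTITY" in data:  # do not expand entities from untrusted input
        return ["declares XML entities; not parsed"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed XML"]
    found = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ("script", "foreignobject"):
            found.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                found.append(f"{name} handler on <{tag}>")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                found.append(f"javascript: URL on <{tag}>")
    return found

def scan_zip(zip_bytes):
    """Map every .svg member of a ZIP attachment to its findings."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        svgs = [i for i in zf.infolist() if i.filename.lower().endswith(".svg")]
        for info in svgs:
            if info.file_size > MAX_SVG_BYTES:
                report[info.filename] = ["too large to inspect"]
            else:
                report[info.filename] = svg_findings(zf.read(info))
    return report

def build_sample():
    """Constructed attachment: one inert scripted SVG and one plain SVG."""
    ns = 'xmlns="http://www.w3.org/2000/svg"'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.svg", f'<svg {ns} onload="void 0"><script>/* inert */</script></svg>')
        zf.writestr("logo.svg", f'<svg {ns}><rect width="4" height="4"/></svg>')
    return buf.getvalue()
```

Calling `scan_zip(build_sample())` flags `invoice.svg` and returns an empty list for `logo.svg`. A non-empty list is a reason to quarantine the attachment, since an image sent by email has no need for active content.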
After analyzing the malicious SVG files, the researchers identified the payload as "CryptoWall". Upon infection, it encrypts the files and then shows a message.
The downloaded file contained hard-coded SQL commands related to a potential school database, Jonathan French said in a blog post.
"Some of the recipients we stopped this malware for were schools, but
nothing seemed out of the ordinary with volume of recipients, which was
low volume in general," he added.
Hidden Intentions
"While it’s possible the malware had other intentions from encrypting in
mind, like to wreak havoc in a sql database, this was from a strings
output so it was all plain text and the table naming conventions just
seem a little too plain as well. However, someone knowing sql table
names or a school using a plain naming convention could be problematic
if the malware were to attempt to attain access and do its thing. It’s
certainly also a tactic for malware authors to add in code that isn't
used or code that fluffs up functions to distract from analysis and make
analyzing more complex and time consuming," the researcher explains.