Malware,JavaScript,Scalable Vector Graphics,Image file formats,Drive-by download,Computer file

SVG Image Format Set for Wider Adoption in Malware Distribution

January 30, 2017

SVG has all the makings of a great malware distribution medium, and crooks are bound to migrate to this new file format, now that Google has moved to ban .js email attachments. SVG is an image file format that's used to store scalable vector graphics (SVG) using XML syntax. Unknown to most is that developers can also embed JavaScript code in SVG files. While most use it to animate the image in one way or another, some clever crooks realized they could also do it to do harm. SVG can carry JavaScript payloads Today, JavaScript has been weaponized against users for years. Already used in malvertising and drive-by download attacks, JavaScript has become a feasible attack method even on the desktop itself. In the past years, and last year alone, JavaScript has become one of the most used methods...

Read the full article here