Seemingly harmless SVGs are packed with malicious JavaScript for a phishing redirect to actor-controlled URLs.
Threat actors are shifting from conventional phishing tricks, which used malicious links and document macros, to benign-looking image files embedded with stealthy browser redirects.
According to an Ontinue discovery, newer campaigns are using Scalable Vector Graphics (SVG) — typically harmless image formats — to sneak in obfuscated JavaScript that quietly redirects victims to malicious ...
