Os agentes de ameaças estão usando cada vez mais arquivos SVG (Scalable Vector Graphics) para ir além das defesas tradicionais no campo de segurança cibernética em rápido desenvolvimento.
Ao contrário dos formatos raster, como JPEG ou PNG, que armazenam dados baseados em pixels, os SVGs são documentos estruturados em XML que definem formas, caminhos e texto vetoriais, permitindo escalabilidade perfeita.
Essa flexibilidade inerente, no entanto, permite a incorporação de código JavaScript executável, que pode ser ativado ao renderizar em um navegador da Web um comportamento padrão em muitos sistemas Windows.
De acordo com Seqrite relatório, os invasores exploram isso distribuindo SVGs maliciosos por meio de e-mails de spear-phishing ou plataformas de armazenamento em nuvem como Dropbox, Google Drive ou OneDrive, muitas vezes evitando gateways de segurança de e-mail devido à sua aparência inócua.
SVG como vetor de phishing
A cadeia de ataque normalmente começa com um anexo de e-mail enganoso, como um disfarçado de “Próximos Meeting.svg” ou “Your-to-do-List.svg”, acompanhado por linhas de assunto atraentes como “Lembrete para sua 7212025.msg de eventos agendados”.
Ao abrir, o arquivo SVG é carregado no navegador, executando scripts incorporados que decodificam cargas ofuscadas e redirecionam as vítimas para domínios de phishing de comando e controle (C2), potencialmente levando ao roubo de credenciais ou implantação de malware.
A sofisticação técnica desses ataques está na capacidade do SVG de ocultar lógica maliciosa em sua estrutura XML.
Por exemplo, os adversários incorporam var block_tdi_62 = new tdBlock();
block_tdi_62.id = “tdi_62”;
block_tdi_62.atts = ‘{“modules_on_row”:””,”image_size”:””,”image_floated”:”hidden”,”image_width”:”eyJwaG9uZSI6IjMwIn0=”,”eyJwaG9uZSI6IjMwIn0=”,”eyJwaG9uZSI6IjMwIn0=”,”eyJwaG9uZSI6IjMwIn0=”,”eyJwaG9uZSI6IjMwIn0=”,”eyJwaG9uZSI6IjMwIn0=”,”eyJwaG9uZSI6IjMwIn0=”,”eyJwaG9uZSI6IjMwIn0=”,”eyJwaG9uZSI6IjMwIn0=”,”,”]image_height”:”eyJwaG9uZSI6IjExMCJ9″,”show_btn”:”none”,”show_excerpt”:”eyJwaG9uZSI6Im5vbmUiLCJhbGwiOiJub25lIn0=”,”show_com”:”eyJwaG9uZSI6Im5vbmUiLCJhbGwiOiJub25lIn0=”,”show_author”:”none”,”show_cat”:””,”meta_padding”:”eyJhbGwiOiIwIDQwcHggMCAwICIsInBvcnRyYWl0IjoiMCAxMHB4IDAgMCAiLCJsYW5kc2NhcGUiOiIwIDIwcHggMCAwICJ9″,”f_title_font_ size”:”eyJhbGwiOiIxNSIsImxhbmRzY2FwZSI6IjE0IiwicG9ydHJhaXQiOiIxMiJ9″,”f_title_font_line_height”:”1.2″,”f_title_font_weight”:”700″,”all_modules_space”:”eyJhbGwiOiIxNSIsImxhbmRzY2FwZSI6IjEwIiwicG9ydHJhaXQiOiI2In0=”,”category_id”:””,”show_date”:”eyJwb3J0cmFpdCI6Im5vbmUiLCJhbGwiOiJub25lIn0=”,”art_excerpt”:”0″,”show_review”:”none”,”tdc_css”: “eyJhbGwiOnsibWFyZ2luLWJvdHRvbSI6IjAiLCJkaXNwbGF5IjoiIn0sInBvcnRyYWl0Ijp7ImRpc3BsYXkiOiIifSwicG9ydHJhaXRfbWF4X3dpZHRoIjoxMDE4LCJwb3J0cmFpdF9taW5fd2lkdGgiOjc2OCwicGhvbmUiOnsiZGlzcGxheSI6IiJ9LCJwaG9uZV9tYXhfd2lkdGgiOjc2NywibGFuZHNjYXBlIjp7ImRpc3BsYXkiOiIifSwibGFuZHNjYXBlX21heF93aWR0aCI6MTE0MCwibGFuZHNjYXBlX21pbl93aWR0aCI6MTAxOX0=”,”f_title_font_family”:”702″,”mc1_el”:”10″,”title_txt_hover”:”var(–accent-color-1)”,”title_txt”:”var(–base-color-1)”,” art_title”:”eyJhbGwiOiIxMHB4IDAgNXB4IiwicG9ydHJhaXQiOiI2cHggMCAwIn0=”,”eyJhbGwiOiMHB4IDAgNXB4IiwicG9dHJhaXQiOiI2cHggMCAwIn0=”,”,”]m_padding”:”eyJsYW5kc2NhcGUiOiIwIDAgMTJweCIsInBvcnRyYWl0IjoiMCAwIDhweCJ9″,”modules_gap”:”0″,”f_meta_font_size”:”eyJhbGwiOiIxMyIsInBvcnRyYWl0IjoiMTEifQ==”,”f_meta_font_line_height”:”1″,”f_meta_font_weight”:”500″,”f_meta_font_family”:”global-font-1_global”,”modules_cat_border”:”0″,”modules_category_padding”:”0″,”f_cat_font_family”:”global-font-1_global”,”f_cat_font_transform”:”” ,”f_cat_font_size”:”eyJhbGwiOiIxNSIsInBvcnRyYWl0IjoiMTAifQ==”,”eyJhbGwiOiIxNSIsInBvcnRyYWl0IjoiMTAifQ==”,”]f_cat_font_weight”:”700″,”f_cat_font_line_height”:”1″,”cat_bg”:”rgba(255,255,255,0)”,”cat_bg_hover”:”rgba(255,255,255,0)”,”cat_txt”:”var(–accent-color-1)”,”cat_txt_hover”:”var(–accent-color-2)”,”modules_category_margin”:”0″,”ajax_pagination”:””,”pag_border_width”:”0″,”pag_space”:”eyJhbGwiOiIxNSIsImxhbmRzY2FwZSI6IjEwIiwicG9ydHJhaXQiOiI1In0=”,”prev_tdicon”:”td-icon-menu-left”,”next_ tdicon”:”td-icon-menu-right”,”pag_icons_size”:”eyJhbGwiOiIxMCIsImxhbmRzY2FwZSI6IjgiLCJwb3J0cmFpdCI6IjgifQ==”,”pag_text”:”#000000″,”pag_h_text”:”#309b65″,”pag_bg”:”rgba(255,255,255,0)”,”pag_h_bg”:”rgba(255,255,255,0)”,”f_excl_font_family”:”global-font-2_global”,”f_excl_font_transform”:”maiúsculas”,”f_excl_font_size”:”10″,”f_excl_font_weight”:”500″,”f_excl_font_line_height”:”1″,”f_excl_font_spacing”:”0.5″,”excl_padd”: “4px 5px 3px”,”excl_color”:”#ffffff”,”excl_color_h”:”#ffffff”,”excl_bg”:”var(–accent-color-1)”,”excl_bg_h”:”var(–accent-color-2)”,”excl_margin”:”-4px 5px 0 0″,”excl_show”:”nenhum”,”date_txt”:”var(–base-color-1)”,”f_title_font_style”:”indefinido”,”f_title_font_transform”:””,”sort”:”popular”,”modules_category”:”acima”,”f_cat_font_style”:”indefinido”,”cat_border”:”var(–accent-color-1)”,”cat_border_hover”: “var(–accent-color-2)”,”modules_border_color”:””,”f_meta_font_transform”:”capitalizar”,”td_ajax_filter_type”:””,”td_filter_default_txt”:””,”block_template_id”:””,”f_ajax_font_family”:”global-font-2_global”,”f_ajax_font_size”:”15″,”f_header_font_family”:”global-font-1_global”,”f_header_font_weight”:”700″,”f_ajax_font_line_height”:”1.2″,”border_color”:”var(–base-color-1)”,”el_class”:”td-numbered-post-flex”,”modules_divider”:”solid”,”modules_divider_color”:”#b1b4bc”,”block_type”:”td_flex_block_1″,”separator”:””,”custom_title”: “”,”custom_url”:””,”title_tag”:””,”mc1_tl”:””,”mc1_title_tag”:””,”post_ids”:”-154885″,”taxonomias”:””,”category_ids”:””,”in_all_terms”:””,”tag_slug”:””,”autors_id”:””,”installed_post_types”:””,”include_cf_posts”:””,”exclude_cf_posts”:””,”popular_by_date”:””,”linked_posts”:””,”favourite_only”:””,”locked_only”:””,”limit”:”5″,”offset”:””,”open_in_new_window”:””,”show_modified_date”:””,”time_ago”:””,”time_ago_add_txt”: “ago”,”time_ago_txt_pos”:””,”review_source”:””,”td_query_cache”:””,”td_query_cache_expiration”:””,”td_ajax_filter_ids”:””,”td_ajax_preloading”:””,”container_width”:””,”modules_border_size”:””,”modules_border_style”:””,”modules_border_radius”:””,”h_effect”:””,”image_alignment”:”50″,”image_radius”:””,”hide_image”:””,”show_favourites”:””,”fav_size”:”2″,”fav_space”:””,”fav_ico_color”:””,”fav_ico_color_h”:””,”fav_bg”: “”,”fav_bg_h”:””,”fav_shadow_shadow_header”:””,”fav_shadow_shadow_title”:”Sombra”,”fav_shadow_shadow_size”:””,”fav_shadow_shadow_offset_horizontal”:””,”fav_shadow_shadow_offset_vertical”:””,”fav_shadow_shadow_spread”:””,”fav_shadow_shadow_color”:””,”video_icon”:””,”video_popup”:”sim”,”video_rec”:””,”spot_header”:””,”video_rec_title”:””,”video_rec_color”:””,”video_rec_disable”:””,”autoplay_vid”:”sim”,”show_vid_t”: “block”,”vid_t_margin”:””,”vid_t_padding”:””,”video_title_color”:””,”video_title_color_h”:””,”video_bg”:””,”video_overlay”:””,”vid_t_color”:””,”vid_t_bg_color”:””,”f_vid_title_font_header”:””,”f_vid_title_font_title”:”Título do artigo pop-up de vídeo”,”f_vid_title_font_settings”:””,”f_vid_title_font_family”:””,”f_vid_title_font_size”:””,”f_vid_title_font_line_height”: “”,”f_vid_title_font_style”:””,”f_vid_title_font_weight”:””,”f_vid_title_font_transform”:””,”f_vid_title_font_spacing”:””,”f_vid_title_”:””,”f_vid_time_font_title”:”Duração do texto do vídeo”,”f_vid_time_font_settings”:””,”f_vid_time_font_family”:””,”f_vid_time_font_size”:””,”f_vid_time_font_line_height”:””,”f_vid_time_font_style”: “”,”f_vid_time_font_weight”:””,”f_vid_time_font_transform”:””,”f_vid_time_font_spacing”:””,”f_vid_time_”:””,”excl_txt”:””,”all_excl_border”:””,”all_excl_border_style”:”sólido”,”excl_radius”,”all_excl_border_color”:””,”excl_border_color_h”:””,”f_excl_font_header”:””,”f_excl_font_title”:”Texto do rótulo”,”f_excl_font_settings”:””,”f_excl_font_style”: “”,”f_excl_”:””,”meta_info_align”:””,”meta_info_horiz”:”layout-default”,”meta_width”:””,”meta_margin”:””,”meta_space”:””,”art_btn”:””,”meta_info_border_size”:””,”meta_info_border_style”:””,”meta_info_border_color”:”#eaeaea”,”meta_info_border_radius”:””,”modules_category_radius”:”0″,”modules_extra_cat”:””,”author_photo”:””,”author_photo_size”:””,”author_photo_space”:””,”author_photo_radius”:””,”review_space”:””,”review_size”: “2.5”,”review_distance”:””,”excerpt_col”:”1″,”excerpt_gap”:””,”excerpt_middle”:””,”excerpt_inline”:””,”show_audio”:”bloco”,”hide_audio”:””,”art_audio”:””,”art_audio_size”:”1.5″,”btn_title”:””,”btn_margin”:””,”btn_padding”:””,”btn_border_width”:””,”btn_radius”:””,”pag_padding”:””,”pag_border_radius”:””,”f_header_font_header”:””,”f_header_font_title”:”Cabeçalho do bloco”,”f_header_font_settings”:””,”f_header_font_size”: “”,”f_header_font_line_height”:””,”f_header_font_style”:””,”f_header_font_transform”:””,”f_header_font_spacing”:””,”f_header_”:””,”f_ajax_font_title”:”Categorias Ajax”,”f_ajax_font_settings”:””,”f_ajax_font_style”:””,”f_ajax_font_weight”:””,”f_ajax_font_transform”:””,”f_ajax_font_spacing”:””,”f_ajax_”:””,”f_more_font_title”:”Botão Carregar mais”,”f_more_font_settings”: “”,”f_more_font_family”:””,”f_more_font_size”:””,”f_more_font_line_height”:””,”f_more_font_style”:””,”f_more_font_weight”:””,”f_more_font_transform”:””,”f_more_font_spacing”:””,”f_more_”:””,”f_title_font_header”:””,”f_title_font_title”:”Título do artigo”,”f_title_font_settings”:””,”f_title_font_spacing”:””,”f_title_”:””,”f_cat_font_title”:”Tag de categoria do artigo”, “f_cat_font_settings”:””,”f_cat_font_spacing”:””,”f_cat_”:””,”f_meta_font_title”:”Informações meta do artigo”,”f_meta_font_settings”:””,”f_meta_font_style”:””,”f_meta_font_spacing”:””,”f_meta_”:””,”f_ex_font_title”:”Trecho do artigo”,”f_ex_font_settings”:””,”f_ex_font_family”:””,”f_ex_font_size”:””,”f_ex_font_line_height”:””,”f_ex_font_style”: “”,”f_ex_font_weight”:””,”f_ex_font_transform”:””,”f_ex_font_spacing”:””,”f_ex_”:””,”f_btn_font_title”:”Botão de leitura de artigo mais”,”f_btn_font_settings”:””,”f_btn_font_family”:””,”f_btn_font_size”:””,”f_btn_font_line_height”:””,”f_btn_font_style”:””,”f_btn_font_weight”:””,”f_btn_font_transform”:””,”f_btn_font_spacing”:””,”f_btn_”:””,”mix_color”:””,”mix_type”:””,”fe_brightness”:”1″,”fe_contrast”:”1″,”fe_saturate”:”1″,”mix_color_h”:””,”mix_type_h”:””,”fe_brightness_h”:”1″,”fe_contrast_h”:”1″,”fe_saturate_h”:”1″,”m_bg”:””,”color_overlay”:””,”shadow_shadow_header”:””,”shadow_shadow_title”:”Sombra do Módulo”,”shadow_shadow_size”:””,”shadow_shadow_offset_horizontal”:””,”shadow_shadow_offset_vertical”: “”,”shadow_shadow_spread”:””,”shadow_shadow_color”:””,”all_underline_height”:””,”all_underline_color”:””,”meta_bg”:””,”author_txt”:””,”author_txt_hover”:””,”ex_txt”:””,”com_bg”:””,”com_txt”:””,”rev_txt”:””,”audio_btn_color”:””,”audio_time_color”:””,”audio_bar_color”:””,”audio_bar_curr_color”:””,”shadow_m_shadow_header”:””,”shadow_m_shadow_title”:”Meta info shadow”,”shadow_m_shadow_size”:””,”shadow_m_shadow_offset_horizontal”: “”,”shadow_m_shadow_offset_vertical”:””,”shadow_m_shadow_spread”:””,”shadow_m_shadow_color”:””,”btn_bg”:””,”btn_bg_hover”:””,”btn_txt”:””,”btn_txt_hover”:””,”btn_border”:””,”btn_border_hover”:””,”pag_border”:””,”pag_h_border”:””,”ajax_pagination_next_prev_swipe”:””,”ajax_pagination_infinite_stop”:””,”css”:””,”td_column_number”:1,”header_color”,”color_preset”:””,”border_top”:””,”class”:”tdi_62″, “tdc_css_class”:”tdi_62″,”tdc_css_class_style”:”tdi_62_rand_style”}’;
block_tdi_62.td_column_number = “1”;
block_tdi_62.tipo_de_bloco = “td_flex_block_1”;
block_tdi_62.post_count = “5”;
block_tdi_62.found_posts = “11255”;
block_tdi_62.header_color = “”;
block_tdi_62.ajax_paginação_parada_infinita = “”;
block_tdi_62.max_núm_páginas = “2251”;
tdBlocksArray.push(block_tdi_62);