Viruses sent as email attachments are among the classic attack methods that are often forgotten. While this tactic was never harmless, infected attachments could typically be reliably detected and blocked by good antivirus software. However, cybercriminals are proving creative and are increasingly resorting to a revived technique—using Scalable Vector Graphics (SVG) files as a key component.
Unlike formats such as JPG or PNG, SVG files are vector-based. This allows for lossless scaling while keeping file sizes manageable. However, as email attachments, SVG files have a characteristic that makes them particularly appealing to attackers: they can contain script code that can be exploited for activities such as data theft. Because this malicious code is effectively hidden, this technique is often referred to as “smuggling malware.” Many antivirus programs struggle to detect such attacks.
The use of SVG files for malware purposes is not new but appears to be regaining traction. A common scenario involves sending an email with a supposed Excel file as an attachment. In reality, it is an SVG file displaying only the first page of an Excel spreadsheet. When the user clicks on it, a fake login prompt appears, requesting Microsoft account credentials. However, script code is embedded in this login prompt, and any credentials entered are sent directly to the attackers.
Other attacks use SVG files to mimic government websites, prompting users to download malicious files or redirecting them to phishing pages. A significant challenge here is that many antivirus programs fail to reliably detect this threat. In one test case, only two out of 55 antivirus programs identified the malware, while in another instance, the threat went completely undetected.
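Because an SVG file is XML, the script code and embedded login forms described above can be flagged by inspecting the file's structure at the mail gateway. The following Python check is an added example, not part of the original article; the function name `scan_svg`, the list of flagged elements and both sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that let an SVG run code or embed HTML (assumed policy list).
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
RISKY_SCHEMES = ("javascript:", "data:text/html")


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> list[str]:
    """Return reasons to quarantine an SVG attachment (empty list = none found)."""
    # Refuse DTDs before parsing: entity declarations enable expansion
    # attacks on the parser. This is deliberately strict for mail.
    lowered = data.lower()
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        return ["dtd-or-entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not-well-formed-xml"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):          # onload, onclick, ...
                findings.append(f"event-handler:{name}")
            elif name == "href":               # covers href and xlink:href
                # Browsers strip tabs/newlines from URLs, so do the same.
                url = "".join(value.split()).lower()
                if url.startswith(RISKY_SCHEMES):
                    findings.append(f"uri:{url.split(':', 1)[0]}")
    return findings


# Constructed samples: a plain drawing, and a file shaped like the fake
# login lure (embedded HTML form plus script; script body omitted).
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
LURE = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <image href="data:image/png;base64,AAAA"/>
  <foreignObject width="300" height="200">
    <form xmlns="http://www.w3.org/1999/xhtml"><input name="password"/></form>
  </foreignObject>
  <script>/* placeholder */</script>
</svg>"""
```

An image that legitimately carries a DOCTYPE will also be quarantined by this policy, which is the conservative choice for attachments arriving by email.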