Beware: Scalable Vector Graphics Files Are A New Ransomware Threat

SVG files offer many advantages as far as graphics go, but hackers looking to embed malware on websites can exploit them.

Matthew Rosenquist, Cybersecurity Strategist

November 29, 2016

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Creative cyber criminals are taking advantage of Facebook's compatibility with SVG images to infect victims with ransomware. SVG (scalable vector graphics) files are dangerous on social media sites, email, and even instant messaging tools, as this format is designed with the ability to contain embedded content code such as JavaScript, which can be opened via Web browser. 

A recent incident involved spammers that leveraged Facebook to conduct a campaign to infect unsuspecting victims with the Locky ransomware. This malware is unforgiving and is designed to encrypt users’ files and hold them for extortion.

SVG images are also used on websites, making them a target. If attackers hack a website and replace the current SVG files with ones containing malware, then visitors to that site may become infected. By the time the company realizes its Web page has been infecting its customers, the situation may turn into a catastrophic business debacle.

Many organizations implement strong precautions and security to protect their internal networks from external threats, but not as many are vigilant in watching code on their websites for minor graphical changes.

Technology is great and can be used to do wonderful things. SVG files offer many advantages as graphics go, but they can be abused. Without sufficient controls to protect potential victims, I recommend blocking SVG files on social media sites. Although extreme, it may be prudent to also abandon the use of SVG images on websites until security software can catch up with features to test such embedded code for malicious actions with a high degree of confidence.

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

About the Author

Matthew Rosenquist

Cybersecurity Strategist

Matthew Rosenquist is a cybersecurity strategist who actively advises global businesses, academia, and governments to identify emerging risks and opportunities.  Formerly the cybersecurity strategist for Intel Corp., he benefits from 30 years in the security field.

He is a keynote speaker, an evangelist for cybersecurity best-practices, a member on multiple technical and academic advisory boards, and collaborates with the top minds in the cybersecurity industry.  Recognized as a Top 10 Technology Voice in 2018 by LinkedIn and a Top 10 Cybersecurity Thought Leader in 2019 by Thinkers360, he is heavily engaged with an active following of over 190k professionals.

Matthew is a leader who champions collaboration, partnerships, and communication across technology and cybersecurity organizations.  He publishes blogs, evaluates technology and processes, authors opinion papers, and develops methodologies to improve security effectiveness and efficiencies across the digital ecosystem in the pursuit of optimal security.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights