SVG Images are a New Ransomware Threat

ID 660321
Updated 11/29/2016



Creative cyber criminals are taking advantage of Facebook's compatibility with SVG images to infect victims with ransomware. SVG (Scalable Vector Graphics) files are dangerous on social media sites, in email, and even in instant messaging tools, because the format is designed with the ability to contain embedded code, such as JavaScript, that executes when the file is opened in a web browser. In a recent incident, spammers leveraged Facebook to conduct a campaign to infect unsuspecting victims with the Locky ransomware. This malware is unforgiving and is designed to encrypt users' files and hold them for extortion.

SVG images are also used on websites, which makes them a target for hackers. If they can hack a website and replace an existing SVG with one containing malware, then visitors to that site may become infected. By the time the company realizes its webpage has been infecting its customers, the incident may have turned into a catastrophic business debacle. Many organizations implement strong precautions and security to protect their internal networks from external threats, but not as many are vigilant in watching the code on their webpages for minor graphical changes.

Technology is great and can be used to do wonderful things. SVGs offer many advantages as graphics go, but they can be abused. Without sufficient controls to protect potential victims, I recommend blocking SVGs on social media sites. Although extreme, it may be prudent to also abandon the use of SVGs on websites until security software can catch up with features to test such embedded code for malicious actions with a high degree of confidence.


Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.