Close Menu
TechurzTechurz
    What's Hot

    Humble Robotics’ CEO says the tech finally caught up to the vision for autonomous vehicles

    July 1, 2026

    Autonomous vehicle hype is back, and Humble Robotics is bringing it to freights

    July 1, 2026

    Builders Stage agenda revealed for Disrupt 2026

    July 1, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Humble Robotics’ CEO says the tech finally caught up to the vision for autonomous vehicles
    • Autonomous vehicle hype is back, and Humble Robotics is bringing it to freights
    • Builders Stage agenda revealed for Disrupt 2026
    • Startup Battlefield Australia application closes in days: Apply before July 6
    • Acti puts AI agents directly into your smartphone keyboard
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Cyber Reality - VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
    Cyber Reality

    VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

    TechurzBy TechurzSeptember 6, 2025Updated:May 10, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Sep 05, 2025Ravie LakshmananMalware / Cryptocurrency

    Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system.

    The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as a portal for Fiscalía General de la Nación, the Office of the Attorney General of Colombia.

    The page then simulates an official government document download process with a fake progress bar, while it stealthily triggers the download of a ZIP archive in the background. The exact nature of the ZIP file was not disclosed.

    The Google-owned malware scanning service said it found 44 unique SVG files, all of which have remained undetected by antivirus engines, owing to the use of techniques like obfuscation, polymorphism, and large amounts of junk code to evade static detection methods.

    In all, as many as 523 SVG files have been detected in the wild, with the earliest sample dating back to August 14, 2025.

    “Looking deeper, we saw that the earliest samples were larger, around 25 MB, and the size decreased over time, suggesting the attackers were evolving their payloads,” VirusTotal said.

    The disclosure comes as cracked versions of legitimate software and ClickFix-style tactics are being used to lure users into infecting their Apple macOS systems with an information stealer called Atomic macOS Stealer (AMOS), exposing businesses to credential stuffing, financial theft, and other follow-on attacks.

    “AMOS is designed for broad data theft, capable of stealing credentials, browser data, cryptocurrency wallets, Telegram chats, VPN profiles, keychain items, Apple Notes, and files from common folders,” Trend Micro said. “AMOS shows that macOS is no longer a peripheral target. As macOS devices gain ground in enterprise settings, they have become a more attractive and lucrative focus for attackers.”

    The attack chain essentially involves targeting users looking for cracked software on sites like haxmac[.]cc, redirecting them to bogus download links that provide installation instructions designed to trick them into running malicious commands on the Terminal app, thus triggering the deployment of AMOS.

    It’s worth noting that Apple prevents the installation of .dmg files lacking proper notarization due to macOS’s Gatekeeper protections, which require the application packages to be signed by an identified developer and notarized by Apple.

    “With the release of macOS Sequoia, attempts to install malicious or unsigned .dmg files, such as those used in AMOS campaigns, are blocked by default,” the company added. “While this doesn’t eliminate the risk entirely, especially for users who may bypass built-in protections, it raises the barrier for successful infections and forces attackers to adapt their delivery methods.”

    This is why threat actors are increasingly banking on ClickFix, as it allows the stealer to be installed on the machine using Terminal by means of a curl command specified in the software download page.

    “While macOS Sequoia’s enhanced Gatekeeper protections successfully blocked traditional .dmg-based infections, threat actors quickly pivoted to terminal-based installation methods that proved more effective in bypassing security controls,” Trend Micro said. “This shift highlights the importance of defense-in-depth strategies that don’t rely solely on built-in operating system protections.”

    The development also follows the discovery of a “sprawling cyber campaign” that’s targeting gamers on the lookout for cheats with StealC stealer and crypto theft malware, netting the threat actors more than $135,000.

    Per CyberArk, the activity is notable for leveraging StealC’s loader capabilities to download additional payloads, in this case, a cryptocurrency stealer that can siphon digital assets from users on infected machines.

    Base64Encoded deploy Files finds Pages phishing SVG undetected VirusTotal
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleTikTok is obsessed with this guy who bought an abandoned golf course in Maine
    Next Article You can now book doctors appointments through the Samsung Health app
    Techurz
    • Website

    Related Posts

    Cyber Reality

    Digital Identity Protection: 7 Hidden Risks Most Users Miss

    May 25, 2026
    Cyber Reality

    Neural Data Policy: 7 Risks That Brain Privacy Laws Miss

    May 25, 2026
    Cyber Reality

    How AI Changing Cyber Crime: 7 Critical Shifts to Watch

    May 25, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622

    Future of Digital Privacy and Security: 7 Truths Nobody Tells You

    May 25, 202619
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.