
Sophisticated Phishing Campaign Uses Malicious SVG Files to Deliver CountLoader and Other Malware
A new phishing campaign has been detected that targets Ukrainian government agencies and impersonates them to distribute malware. The campaign uses malicious Scalable Vector Graphics (SVG) files to trick recipients into opening harmful attachments. According to Yurren Wan, a researcher at Fortinet FortiGuard Labs, the campaign uses sophisticated techniques to deceive users and install malware such as CountLoader, which is subsequently used to deploy Amatera Stealer and PureMiner.

The use of SVG files as an attack vector is notable because it is an unconventional method that may bypass traditional security measures. The multi-stage malware delivery process involving CountLoader indicates a well-planned attack designed to evade detection.

The campaign underscores the evolving tactics of cybercriminals and the need for advanced threat detection mechanisms. Organizations, particularly those in Ukraine, should heighten their vigilance against phishing emails and implement multi-layered defense strategies to mitigate such threats. User education on recognizing phishing attempts and suspicious attachments is also critical in preventing successful attacks.
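
As an added example (not from the Fortinet research or the original page), here is a mail-gateway style triage check for SVG attachments. It flags the active-content features the SVG format allows: script elements, event-handler attributes, embedded HTML, and remote or script links. The page does not describe the campaign's SVG internals, so the samples are constructed and the function and finding names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Schemes that make an href/xlink:href active or remote instead of a local "#id"
# reference. Conservative: embedded data: images are flagged for review as well.
RISKY_HREF = re.compile(r"^\s*(javascript:|data:|https?:|//)", re.I)


def local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()


def triage_svg(data: bytes) -> list[str]:
    """Return reasons to quarantine an SVG attachment; an empty list means none found."""
    # Flag DTDs before parsing: some editors emit a DOCTYPE, but for e-mail
    # attachments we treat it as suspicious and avoid entity expansion entirely.
    if re.search(rb"<!DOCTYPE", data, re.I):
        return ["doctype-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not-well-formed-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings.add("script-element")
        elif tag in ("foreignobject", "iframe", "embed", "object"):
            findings.add(f"embedded-html:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, onbegin, ...
                findings.add(f"event-handler:{name}")
            elif name == "href" and RISKY_HREF.match(value):
                findings.add(f"active-or-remote-href:{tag}")
    return sorted(findings)


# Constructed samples (not taken from the campaign): a plain drawing, and a
# lure-shaped file with an onload handler, a script element and an external link.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5" fill="url(#g)"/></svg>'
LURE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="go()">'
        b'<a href="https://example.invalid/doc"><text>Open notice</text></a>'
        b'<script>function go(){}</script></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("lure", LURE)):
        print(label, triage_svg(sample))
```

A non-empty result is a reason to quarantine or rewrite the attachment for analyst review, not a verdict that the file is malicious.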