
SVG Files Used in New Colombian Phishing Campaign Bypass Antivirus

Phishing Attacks Leverage SVG Files and macOS Malware to Bypass Security in Evolving Cybercrime Campaigns

  • Researchers discovered phishing attacks using SVG files to mimic Colombia’s judicial system.
  • Obfuscated SVG files delivered JavaScript-based payloads, leading to undetected phishing pages and hidden downloads.
  • Over 523 malicious SVG files appeared since August 2025, with evolving payload sizes indicating shifting tactics.
  • Attackers also target macOS users with Atomic macOS Stealer (AMOS), using cracked software sites and terminal commands.
  • Security updates in macOS Sequoia have blocked some attack attempts, but attackers now use new techniques to bypass safeguards.

Cybersecurity experts have reported a wave of phishing campaigns that exploit SVG image files to target users, mainly by pretending to represent the Colombian judicial system. Attackers distribute these SVG files in email attachments, using them to trick recipients into revealing sensitive information.


According to VirusTotal, the SVG files contain hidden JavaScript code that injects a fake HTML page imitating the official portal of the Fiscalía General de la Nación, or the Attorney General’s Office in Colombia. This phishing page acts like a government document download service with a fake progress bar. In the background, it downloads a ZIP archive, whose contents remain undisclosed.

The Google-owned security service identified forty-four unique SVG files that evaded antivirus detection through obfuscation, polymorphism (constant changes in the file’s structure), and junk code. In total, researchers found 523 samples of these malicious SVG files as of August 2025. “Looking deeper, we saw that the earliest samples were larger, around 25 MB, and the size decreased over time, suggesting the attackers were evolving their payloads,” VirusTotal stated in its report.
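For defenders triaging SVG attachments at a mail gateway, the following added example (not code from VirusTotal's report) flags SVG files that carry active content such as script elements, event handlers, or embedded HTML, judging by document structure rather than by signatures of the obfuscated code. The size threshold, finding names, and sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MAX_BYTES = 1_000_000  # assumed triage threshold; static artwork is rarely this large
URI_ATTRS = {"href", "src"}
ACTIVE_SCHEMES = ("javascript:", "data:text/html", "data:application/")

# Constructed samples: a plain drawing, and an SVG carrying script and embedded HTML.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPTED = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
            b'<script>/* constructed placeholder */</script><foreignObject>'
            b'<div xmlns="http://www.w3.org/1999/xhtml">x</div></foreignObject></svg>')

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> list[str]:
    """Return sorted findings showing the SVG carries active content, not just graphics."""
    findings = set()
    if len(data) > MAX_BYTES:
        findings.add("oversized")
    # Do not parse entity declarations: they can hide content and cause expansion blowups.
    if b"<!ENTITY" in data.upper():
        return sorted(findings | {"entity-declaration"})
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        # Lenient viewers may still render broken XML, so fall back to a byte search.
        if re.search(rb"<\s*script|\bon\w+\s*=", data, re.I):
            findings.add("unparseable-with-script-markers")
        return sorted(findings | {"unparseable"})
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings.add("script-element")
        elif tag in ("foreignobject", "iframe", "embed", "object"):
            findings.add("embedded-html")
        for name, value in el.attrib.items():
            attr = local(name)
            compact = re.sub(r"\s+", "", value).lower()
            if attr.startswith("on"):
                findings.add("event-handler")
            elif attr in URI_ATTRS and compact.startswith(ACTIVE_SCHEMES):
                findings.add("active-uri")
    return sorted(findings)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("scripted", SCRIPTED)):
        print(label, scan_svg(sample))
```

An image attachment with any finding other than an empty list is a candidate for quarantine or for rewriting to a rasterized copy, since a static image has no need for script or embedded HTML.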

At the same time, macOS systems face threats from the Atomic macOS Stealer (AMOS). Attackers lure users looking for cracked apps on sites like haxmac[.]cc, then redirect them to instructions that convince victims to run commands in the Terminal app. These commands deploy AMOS, which can steal credentials, browser information, cryptocurrency wallets, messaging data, VPN settings, and files. Trend Micro noted, “AMOS shows that macOS is no longer a peripheral target.” The company explained that new macOS security requirements, such as Gatekeeper and app notarization, have blocked some attacks but have not stopped hackers from shifting to command-line delivery methods.

Security updates with macOS Sequoia have made installation of unsigned and malicious .dmg application files more difficult. However, “threat actors quickly pivoted to terminal-based installation methods that proved more effective in bypassing security controls,” Trend Micro reported in their analysis.


In a separate campaign, researchers from CyberArk found criminals targeting gamers searching for cheats with malware like StealC and crypto-stealing tools. This operation allegedly netted attackers over $135,000 by pulling digital currency from infected systems. For more details, see CyberArk’s research.

Attackers continue to adapt, using new methods to bypass improved security and maximize stolen data.
