Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.


HPR4406: SVG Files: Cyber Threat Hidden in Images

Hosted by ko3moc on 2025-06-23 01:00:00

This show has been flagged as Clean by the host.

Out of nowhere, my Firefox browser on my Mac mini started automatically adding every page I visited to my bookmarks. At first, I thought it was a bug after a recent update—maybe a misconfigured setting or similar. But when I searched for a fix, Google suggested something alarming: scan for malware. And guess what? The source of my trouble turned out to be 4 SVG files hiding malicious code.

That’s right—those innocent-looking vector graphics files we use every day for logos, icons, and web design? They can secretly carry malware. In my case, the files were logos of reputable delivery companies like Deliveroo and JustEat, which I had downloaded while I was updating a website for my client. Today, we’re breaking down how SVG files are being weaponized, why they’re so effective, and how to protect yourself.


Example of an SVG file:

<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" width="120" height="160" viewBox="0 0 120 160">
  <!-- Animated Bodhi Leaf -->
  <path id="bodhi-leaf" d="M60 10 Q30 40 20 80 Q15 120 60 150     Q105 120 100 80 Q90 40 60 10 Z" stroke="#1E5631" stroke-width="2">
    <animate attributeName="fill" values="white;#FFD700;#2E8B57;#4682B4;#FF0000;#800080;#808080;black;white" dur="8s" repeatCount="indefinite"/>
  </path>
  <!-- Static veins (contrast with leaf) -->
  <path d="M60 10 L60 150" stroke="#1E5631" stroke-width="1.5"/>
  <g stroke="#1E5631" stroke-width="1">
    <path d="M60 30 Q45 35 40 50"/>
    <path d="M60 30 Q75 35 80 50"/>
    <path d="M60 60 Q40 70 35 90"/>
    <path d="M60 60 Q80 70 85 90"/>
    <path d="M60 90 Q50 100 45 120"/>
    <path d="M60 90 Q70 100 75 120"/>
  </g>
</svg>
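
A defender's check for the kind of file described above, as an added example (not from the episode or its host): a Python scanner that lists script-capable constructs in an SVG. The tag and attribute lists, the name `scan_svg` and both sample documents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements and attributes that can run or pull in active content (conservative).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src", "to", "from", "values"}  # last three: SMIL can set href
BAD_URL = re.compile(r"(javascript|vbscript)\s*:|data:\s*(text/html|image/svg)", re.I)

def local(name):
    """Strip an XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return (kind, detail) findings for one SVG document; [] means none found."""
    # Refuse DTDs before parsing: a logo has no need for entity declarations.
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
        return [("dtd", "DOCTYPE/ENTITY declaration present")]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [("malformed", str(exc))]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(("element", tag))
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.append(("handler", f"{tag}@{name}"))
            elif name in URL_ATTRS and BAD_URL.search(value):
                findings.append(("url", f"{tag}@{name}"))
    return findings

# Constructed samples: CLEAN is a cut-down version of the leaf above;
# FLAGGED uses harmless stand-ins for a script, a handler and a script URL.
CLEAN = ('<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg">'
         '<path d="M60 10 L60 150" stroke="#1E5631">'
         '<animate attributeName="fill" values="white;black" dur="8s"/></path></svg>')
FLAGGED = ('<svg xmlns="http://www.w3.org/2000/svg" '
           'xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
           '<script>/* placeholder */</script>'
           '<a xlink:href="javascript:void(0)"><path d="M0 0"/></a></svg>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("flagged", FLAGGED)):
        print(label, scan_svg(doc))
```

An empty result means none of these constructs were found, not that the file is safe. Browsers do not run script in an SVG loaded through an `<img>` element, so the exposure is when the file is opened directly or inlined into a page.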



HPR Comments


ko3moc says: response

RE: hpr4406::2025-06-23 SVG Files: Cyber Threat Hidden in Images by ko3moc
00:08:25 Listen in ogg, opus, or mp3 format.
Yes, it can be steganography if the code is hidden or disguised to avoid detection, but if it’s just inserted as active code, it may be looked at as malware or script injection, not steganography, as the malicious content is clearly visible in the file structure (e.g. it has its own script tag).




oxo says: Interesting!

Hi ko3moc,
Interesting podcast. Thank you for sharing your knowledge about this. I wondered: is this also categorized as steganography? I guess it is and then used in a malicious way.
My tip as a protonmail user: in my webmail I have automatic downloading of remote content switched off.



Copyright Information

Unless otherwise stated, our shows are released under a Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.

The HPR Website Design is released to the Public Domain.