Talos security researchers have identified a new malicious campaign involving Qakbot attackers. The attackers' QBot phishing campaigns use a relatively new technique: Scalable Vector Graphics (SVG) images embedded in HTML email attachments.
Malicious payloads are delivered in the form of encoded strings in an HTML attachment or webpage. The malicious HTML code is generated within the browser on the target device, which is already inside the security perimeter of the victim's network. When a victim opens the attachment in their browser after receiving the email, the embedded script decodes and runs, assembling a malicious payload directly on the victim's device.
If the recipient enters the password provided by the attacker and opens the zip archive, an .ISO file can be extracted. The .iso file allows the Qakbot malware to infect the victim.
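A mail-gateway style check for the delivery pattern described above, as an added example that is not code from Talos, BleepingComputer or the campaign itself. It assumes the encoded string is base64 and sits in a `<script>` inside an `<svg>` that is either inline or carried as a base64 `data:` URI; the function names, indicator labels and sample attachments are constructed for illustration.

```python
import base64
import binascii
import re

# Assumptions (not from the article): the payload is base64 text inside a
# <script> within an <svg>, and the SVG is inline or a base64 data: URI.
SVG_DATA_URI = re.compile(r"data:image/svg\+xml;base64,([A-Za-z0-9+/=]+)", re.I)
SVG_ELEMENT = re.compile(r"<svg\b.*?</svg>", re.I | re.S)
SCRIPT_BODY = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts a zip archive


def b64_decode_lenient(text):
    """Decode base64 regardless of padding; return b'' when it is not base64."""
    text = text.rstrip("=")
    try:
        return base64.b64decode(text + "=" * (-len(text) % 4))
    except (binascii.Error, ValueError):
        return b""


def scan_html(html):
    """Return the set of smuggling indicators found in one HTML attachment."""
    findings = set()
    # Scan the attachment itself plus any SVG hidden behind a base64 data: URI.
    docs = [html] + [b64_decode_lenient(m).decode("utf-8", "replace")
                     for m in SVG_DATA_URI.findall(html)]
    for doc in docs:
        for svg in SVG_ELEMENT.findall(doc):
            for script in SCRIPT_BODY.findall(svg):
                findings.add("svg-script")  # script inside an image is unusual
                if any(b64_decode_lenient(run).startswith(ZIP_MAGIC)
                       for run in B64_RUN.findall(script)):
                    findings.add("zip-in-svg-script")
    return findings


def constructed_samples():
    """Constructed inputs: inert zip header plus zero bytes, no real payload."""
    blob = base64.b64encode(ZIP_MAGIC + bytes(40)).decode()
    svg = f'<svg xmlns="http://www.w3.org/2000/svg"><script>var d="{blob}";</script></svg>'
    wrapped = base64.b64encode(svg.encode()).decode()
    return (f"<html><body>{svg}</body></html>",
            f'<html><body><embed src="data:image/svg+xml;base64,{wrapped}"></body></html>',
            '<html><body><svg><circle r="4"/></svg><script>var a=1;</script></body></html>')


if __name__ == "__main__":
    for sample in constructed_samples():
        print(sorted(scan_html(sample)))
```

Regex matching is a triage heuristic here: an attachment that splits or otherwise transforms the encoded string will not hit the zip-header check, so the `svg-script` indicator alone is worth routing for review.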
The sources for this piece include an article in BleepingComputer.