Cybercriminals have developed a new technique that turns seemingly harmless vector graphics into a way to deliver malware. A recent campaign in Latin America shows how attackers are using large SVG files to spread AsyncRAT, a powerful malware that can take over an entire system.
The attack starts with carefully crafted phishing emails that impersonate legitimate institutions, often government or judicial systems. The emails claim that legal documents or court summons require immediate attention, which pressures the victim to open the attached SVG file.
How the Malware Hides
Unlike typical malware campaigns that rely on external servers, these malicious SVG files contain the full malicious package. This technique, known as SVG smuggling, uses the XML-based nature of Scalable Vector Graphics to embed scripts and encoded payloads directly into the image file.
Analysts have found that these files are often over 10 MB in size and immediately display fake government websites when opened. The attackers appear to use AI tools to generate unique SVG files for each victim, with randomized data to avoid being detected by security software.
The Infection Process
When a user clicks on the SVG attachment, their web browser opens a fake website that mimics Colombia’s judicial system. The malicious SVG file contains a JavaScript code that simulates a document verification process, showing progress bars and status messages to appear legitimate.
While this is happening, the script silently downloads a password-protected ZIP archive that contains the final AsyncRAT malware. The campaign uses a technique called DLL sideloading, where a legitimate application is tricked into loading malicious libraries. This allows the malware to blend in with normal system processes and evade detection.
So far, the attacks have been concentrated in Colombia, with spikes in activity happening mid-week throughout August 2025.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
