If you’re not blocking SVG (Scalable Vector Graphic) attachments in email messages you might want to.
I have observed something I haven’t yet seen. Malicious email messages where the attachment the threat actor wants the target to open is a to SVG file pretending to be an agreement.
The SVG file when loaded makes a HTTP call to load a remote image, it also contains a transparent layer which links to the malicious website.
Looks to be an attempt at evading detection.
[#]ThreatIntel
=> More informations about this toot | View the thread | More toots from fellows@cyberplace.social
=> View threatintel tag This content has been proxied by September (3851b).Proxy Information
text/gemini