Hackers created based64 encoded malware program called QBot that is embedded in SVG images and the program is automatically download and install in Windows. According to Cisco Talos researchers, hackers are sending email that contains SVG image containing QBot malware.
When the viewer opens the SVG file, HTML decode JavaScript and execute the malware program automatically in Windows. Check the following SVG source code.
Although SVG is vector image format based on HTML, it has ability to add and insert some scripts in the file where as JPG and PNG can’t. Those type of attack is called HTML smuggling. Check the example QBot source code described from Cisco Talos.
Beware those type of attack and you should install proper antivirus program in your Windows PC to protect Qbot malware came from SVG images.
