VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
Briefly

"The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as a portal for Fiscalía General de la Nación, the Office of the Attorney General of Colombia. The page then simulates an official government document download process with a fake progress bar, while it stealthily triggers the download of a ZIP archive in the background."
"The disclosure comes as cracked versions of legitimate software and ClickFix-style tactics are being used to lure users into infecting their Apple macOS systems with an information stealer called Atomic macOS Stealer (AMOS), exposing businesses to credential stuffing, financial theft, and other follow-on attacks. 'AMOS is designed for broad data theft, capable of stealing credentials, browser data, cryptocurrency wallets, Telegram chats, VPN profiles, keychain items, Apple Notes, and files from common folders,' Trend Micro said."
Email-delivered SVG files execute embedded JavaScript that decodes and injects a Base64-encoded HTML phishing page posing as a Fiscalía General de la Nación portal. The phishing page simulates an official document download with a fake progress bar while silently triggering a ZIP archive download in the background. VirusTotal identified 44 unique SVG samples that no antivirus engine detected; they rely on obfuscation, polymorphism, and junk code. In total, 523 SVG files were found in the wild, with the earliest sample dated August 14, 2025. Separately, cracked software and ClickFix-style lures are pushing Atomic macOS Stealer (AMOS), which targets macOS credentials and sensitive data, increasing enterprise risk as macOS adoption grows.
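For mail-gateway or triage use, the traits described above (script-capable SVG carrying a Base64 blob that decodes to HTML) can be checked statically. The following is an added example, not code from VirusTotal or The Hacker News; the function names, the 40-character threshold, the tag list and both sample files are assumptions constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Assumed heuristics (not from the report): a 40+ character Base64 run whose
# decoded bytes contain HTML markup is treated as an embedded page.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
HTML_HINT = re.compile(rb"<\s*(html|body|form|iframe|script|meta|div)\b", re.I)

def local(name):
    """Strip an XML namespace prefix such as {http://www.w3.org/2000/svg}."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return sorted findings for script-capable or payload-carrying SVG text."""
    try:
        # Stdlib parser for the demo; use a hardened XML parser on untrusted mail.
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["unparseable-xml"]
    findings = set()
    for el in root.iter():
        if local(el.tag) in ("script", "foreignobject"):
            findings.add(local(el.tag) + "-element")
        for attr in el.attrib:
            if local(attr).startswith("on"):  # onload, onclick, ...
                findings.add("event-handler:" + local(attr))
    for run in B64_RUN.findall(text):
        try:
            decoded = base64.b64decode(run + "=" * (-len(run) % 4))
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if HTML_HINT.search(decoded):
            findings.add("base64-html-blob")
            break
    return sorted(findings)

# Constructed samples: harmless markup, built here so the block runs offline.
_BLOB = base64.b64encode(
    b"<html><body><form>constructed sample page</form></body></html>").decode()
SAMPLE_SUSPICIOUS = ('<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
                     '<script>var payload = "' + _BLOB + '";</script></svg>')
SAMPLE_CLEAN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'

if __name__ == "__main__":
    print(scan_svg(SAMPLE_SUSPICIOUS))
    print(scan_svg(SAMPLE_CLEAN))
```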
Read at The Hacker News