You are viewing a single comment's thread from:
RE: SVG Images are a New Ransomware Threat
Hmm... on websites SVG is becoming the norm for a lot of big players. It's the webs perfect file format for icons and logos. Big clear scalable images with small file sizes.
If a hacker could add a malicious SVG to a website, they'd have to have access, therefore they could add a malicious JavaScript file, which would be easier than messing with an SVG.
The Facebook hack mentioned is another story, but for regular websites, I wouldn't be too worried.
Agreed with how we currently see the problem. But attackers are crafty and will find new ways to exploit such capabilities, I have no doubt. The risk is low for the moment on websites and higher on social media. That will likely flip-flop as social sites block the SVG usage. Websites, and aggregation sites that pull those images, will be a greater threat long-term, but the attacker must gain privileged access to the site in order to seed the attack. Doing so, this may be one way to remain persistent longer as compared to just adding a JavaScript file to the main page. Stealth may be the lure. I honestly do know for sure. It will unfold over time.