it seems like the SVG file/image contained an embedded link? And they clicked the link and got pulled into one of those scam websites asking you to install shit software viruses. It was not that the SVG file just went crazy and hacked their entire machine...
Not exactly — it’s a bit more than just a link scam.
The SVG actually started a multi-stage infection chain, downloading a password-protected archive with a malicious CHM/HTA that deployed Amatera Stealer and PureMiner.
So it’s a real system compromise, not just a fake site trick.
The sophistication here (SVG > CHM > fileless execution > dual payload) suggests access to commercial malware toolkits rather than bespoke APT development.
And it might be taking longer to discover because it's hard to notice with SVG.
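On the point that SVG lures are easy to miss: an SVG is XML, so the things that make one "more than a picture" (inline scripts, event-handler attributes, links to external hosts, foreignObject wrappers) are visible to a static parser before anyone opens the file. The following triage script is an added example for this thread, not code from either commenter or from the reporting on the Amatera Stealer / PureMiner chain. The sample SVG it inspects is constructed for the example; the `example.invalid` host and the `placeholder()` handler are placeholders, not indicators from the campaign.

```python
"""Static triage of SVG files: flag scripts, event handlers and external links.

Added example for the discussion above. The sample documents below are
constructed; the URL and handler name are placeholders, not real indicators.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XLINK_NS = "http://www.w3.org/1999/xlink"
# SVG allows both plain href (SVG 2) and the older xlink:href.
HREF_ATTRS = ("href", f"{{{XLINK_NS}}}href")
# Elements that have no business in a "just an image" SVG attachment.
SUSPECT_TAGS = {"script", "foreignObject", "iframe", "embed", "handler"}
# URI schemes that indicate a navigation away from the file or inline code.
NAVIGATION_SCHEMES = {"http", "https", "ftp"}
CODE_SCHEMES = {"javascript", "data", "vbscript"}


def local_name(qualified: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return qualified.rsplit("}", 1)[-1]


def triage_svg(data: bytes):
    """Return a list of (finding_kind, detail) tuples; empty means nothing flagged."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # A file that claims to be SVG but does not parse is itself worth a look.
        return [("parse-error", str(exc))]

    for element in root.iter():
        name = local_name(element.tag)
        if name in SUSPECT_TAGS:
            findings.append(("element", name))
        for attr, value in element.attrib.items():
            attr_name = local_name(attr)
            # onload, onclick, onmouseover, ... : inline event handlers.
            if attr_name.lower().startswith("on"):
                findings.append(("event-handler", f"{name}@{attr_name}"))
            if attr in HREF_ATTRS:
                scheme = urlparse(value.strip()).scheme.lower()
                if scheme in NAVIGATION_SCHEMES:
                    findings.append(("external-link", value.strip()))
                elif scheme in CODE_SCHEMES:
                    findings.append(("uri-scheme", scheme))
    return findings


def verdict(findings) -> str:
    """Collapse findings into a one-word triage result for a mail gateway or SOC queue."""
    return "review" if findings else "clean"


# Constructed lure-style SVG: a clickable rectangle pretending to be a document,
# an onload handler and an inline script. Contents are placeholders.
SAMPLE_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="200" height="200" onload="placeholder()">
  <a xlink:href="https://download.example.invalid/archive">
    <rect width="200" height="200" fill="lightblue"/>
    <text x="20" y="100">Click to view document</text>
  </a>
  <script>/* placeholder: any inline script is flagged regardless of content */</script>
</svg>"""

# Constructed benign SVG for comparison.
CLEAN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="green"/>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("lure", SAMPLE_SVG), ("clean", CLEAN_SVG)):
        found = triage_svg(doc)
        print(label, verdict(found), found)
```

The script does not try to decide whether a script or link is malicious; it only answers the question a gateway or analyst needs first, namely whether this SVG contains anything beyond drawing instructions. That is enough to route "image" attachments that carry scripts or external links into a review queue instead of straight to the inbox.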