28/04/2025

MONDAY | APR 28, 2025

23

LYFE

S CALING up their efforts, attackers are now sending phishing emails to individual and corporate users with attachments in Scalable Vector Graphics (SVG) format, which is commonly used for storing images similar to JPG, JPEG and PNG files. According to Kaspersky, opening these SVG files will lead users to phishing pages that mimic Google and Microsoft servers, with the ultimate aim being to steal said users’ login credentials. There has been an almost six-fold increase in phishing via SVG files in March compared to February, and over 4,000 of these emails have been detected globally since the start of the year. SVG is a format for describing two dimensional vector graphics using XML, a markup language that provides rules to define any data. SVG supports JavaScript and HTML, unlike JPEG or PNG image format. This makes it easier for designers to work with non-graphical content such as text formulas and interactive elements. However, attackers are exploiting this by embedding scripts with links to phishing pages within the image file. Users might open these files out of curiosity, thinking they are images but the SVG file will act like an HTML page without description of graphics. When opened in a web browser, the file will appear as a web page with a link that supposedly points to an audio file. Clicking on this redirects the user to a phishing page mimicking a Google Voice audio recording with the audio track actually being a static image. Then, clicking “Play Audio” will once again redirect users to a corporate email login page, allowing attackers to capture their credentials. The page will also include the target company’s logo as a means to lower the user’s guard. In a separate instance, mimicking a notification from an e-signature service, attackers presented an SVG attachment as a document that required review and signature. Unlike the first example, where the SVG file acted as an HTML page, in this case it contains JavaScript that, when the file is opened, launches a browser window with another fake login phishing site, this time mimicking Microsoft. Cybersecurity and anti-virus firms have posited that the adoption of SVG is yet another sign of phishers are relentlessly exploring new techniques to circumvent detection of their scams. Kaspersky anti-scam expert Roman Dedenok said it signals a clear upward trend and it could evolve further into more sophisticated, targeted attacks. To avoid becoming a victim of phishing or malicious messages: 0 Only open emails and click links if you are sure you can trust the sender. 0 When a sender is legitimate, but the content of the message seems strange, it is worth checking with the sender via an alternative means of communication.

SVG files fuel phishing surge o Cybercriminals exploit image format to mimic Google, Microsoft logins Phishers are experimenting with new ways to carry out attacks. – FREEPIKPIC

0 Check the spelling of a website’s URL if you suspect you are faced with a phishing page. The URL may contain mistakes that are hard to spot at first glance, such as a 1 instead of I or 0 instead of O. 0 Use a proven security solution when surfing the web.

A fake login form.

A phishing email with an SVG attachment.

Trial testimony reveals OpenAI’s interest in Google’s Chrome

OPENAI is ready to buy Chrome if Google is forced to sell its popular browser as part of antitrust trial, a top executive recently testified, according to media reports. OpenAI product manager Nick Turley revealed the startup’s interest in the world’s most popular internet browser while testifying in court in Washington DC. Turley spoke in front of a judge who will decide what remedies to impose on Google after making a landmark decision last year that the tech giant maintained an illegal monopoly in online search. US government attorneys have urged Judge Amit Mehta to force Google to sell off its Chrome browser, arguing artificial intelligence (AI) is poised to ramp up the tech giant’s online search dominance. Google countered in the case that the US government has gone way beyond the scope of the suit by recommending it be forced to sell Chrome and holding open the option to force a sale of its Android mobile operating system. The legal case focused on Google’s agreements with partners such as Apple and Samsung to distribute its search tools,

noted Google president of global affairs Kent Walker. “The DOJ chose to push a radical interventionist agenda that would harm Americans and America’s global technology leadership. The DOJ’s wildly overbroad proposal goes miles beyond the court’s decision,” Walker wrote in a blog post. A Bloomberg analyst has estimated the price of Chrome browser, which has more than three billion users, at US$15 billion (RM65 billion) or more. Turley said during his testimony that OpenAI had approached Google about integrating its search technology into the ChatGPT AI-powered digital assistant but was rebuffed, according to media reports. Google is among the tech companies investing heavily to be among the leaders in AI, and is weaving the technology into search and other online offerings. The DOJ case against Google regarding its dominance in internet search was filed in 2020. Mehta ruled against Google in August last year and the tech giant has appealed. – AFP

The estimated price of the Chrome browser, which has more than three billion users, is at US$15 billion (RM65 billion) or more. – PEXELSPIC