hpr4406 :: SVG Files: Cyber Threat Hidden in Images
Out of nowhere, my Firefox browser on my Mac mini started automatically adding every page I visited
Hosted by ko3moc on Monday, 2025-06-23 is flagged as Clean and is released under a CC-BY-SA license.
svh.
(Be the first).
Listen in ogg,
opus,
or mp3 format. Play now:
Duration: 00:08:25
Download the transcription and
subtitles.
general.
Out of nowhere, my Firefox browser on my Mac mini started automatically adding every page I visited to my bookmarks. At first, I thought it was a bug after recent update —maybe a misconfigured setting or similar. But when I searched for a fix, Google suggested something alarming: Scan for malware. And guess what? The source of my trouble turned out to be an 4 SVG files hiding malicious code.
That’s right—those innocent-looking vector graphics files we use every day for logos, icons, and web design? They can secretly carry malware. In my case those were the files, a logos of reputable delivery companies like deliveroo and JustEat which I have downloaded while I was updating a website for my client. Today, we’re breaking down how SVG files are being weaponized, why they’re so effective, and how to protect yourself.
<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" width="120" height="160" viewBox="0 0 120 160">
<!-- Animated Bodhi Leaf -->
<path id="bodhi-leaf" d="M60 10 Q30 40 20 80 Q15 120 60 150 Q105 120 100 80 Q90 40 60 10 Z" stroke="#1E5631" stroke-width="2">
<animate attributeName="fill" values="white;#FFD700;#2E8B57;#4682B4;#FF0000;#800080;#808080;black;white" dur="8s" repeatCount="indefinite"/>
</path>
<!-- Static veins (contrast with leaf) -->
<path d="M60 10 L60 150" stroke="#1E5631" stroke-width="1.5"/>
<g stroke="#1E5631" stroke-width="1">
<path d="M60 30 Q45 35 40 50"/>
<path d="M60 30 Q75 35 80 50"/>
<path d="M60 60 Q40 70 35 90"/>
<path d="M60 60 Q80 70 85 90"/>
<path d="M60 90 Q50 100 45 120"/>
<path d="M60 90 Q70 100 75 120"/>
</g>
</svg>