
Colombian Malware Utilizing SWF and SVG Formats to Evade Detection

A previously unseen malware campaign began circulating in early August 2025, targeting users in Colombia and beyond through email attachments and web downloads. The attackers leveraged two distinct vector-based file formats—Adobe Flash SWF and Scalable Vector Graphics (SVG)—to craft a multiphase operation that evaded traditional antivirus detection. Initial reports emerged when a benign-looking SWF file named Sequester.swf triggered alerts in only a handful of antivirus engines, prompting further investigation. Shortly thereafter, a companion SVG file appeared, embedding sophisticated JavaScript payloads designed to impersonate the Colombian Fiscalía General de la Nación portal. This seamless pivot between legacy and modern formats caught many security teams off guard, as the SWF component masqueraded as a legitimate 3D puzzle game, complete with ActionScript modules for rendering, pathfinding, and cryptographic routines.

While antivirus engines flagged obfuscated classes and AES routines, they failed to recognise that this code served legitimate game mechanics rather than malicious behaviour. The SVG variant contained inline JavaScript that decoded a Base64 phishing page and silently dropped a ZIP archive with additional payloads. This combination of vectors created a multiheaded threat that slipped past detection barriers with alarming ease. VirusTotal analysts noted that upon expanding support for SWF and SVG analysis in Code Insight, they uncovered dozens of related samples within hours of the initial submissions. By searching for Spanish-language comments left by the attackers, researchers identified a cohesive campaign spanning more than 40 unique SVG files, none of which had raised flags in standard antivirus scans. The heart of the operation lay in its evasion tactics, employing obfuscation and polymorphism to defeat static analysis and exploit heuristic thresholds. 
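A static triage check for the SVG behaviour described above (inline script plus a Base64-encoded page), written as an added example; it is not code from the original article or from VirusTotal. The function names and sample files are constructed for illustration, and the check for a Base64-embedded ZIP is an assumption, since the article says only that an archive is dropped.

```python
import base64
import re

SCRIPT_RE = re.compile(r"<script\b", re.I)
HANDLER_RE = re.compile(r"\son[a-z]+\s*=", re.I)      # onload=, onclick=, ...
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}")            # long Base64-looking runs
HTML_MARKERS = (b"<html", b"<form", b"<!doctype")
ZIP_MAGIC = b"PK\x03\x04"                             # ZIP local file header


def triage_svg(text):
    """Static indicators for one SVG's text. Regex only: nothing is parsed as XML or run."""
    found = {
        "script": bool(SCRIPT_RE.search(text)),
        "event_handler": bool(HANDLER_RE.search(text)),
        "atob": "atob(" in text,
        "b64_html": False,
        "b64_zip": False,   # assumption: archive embedded as Base64 in the SVG
    }
    for blob in B64_RE.findall(text):
        blob = blob[: len(blob) - len(blob) % 4]       # whole 4-char groups only
        raw = base64.b64decode(blob, validate=True)
        if any(m in raw[:4096].lower() for m in HTML_MARKERS):
            found["b64_html"] = True
        if raw.startswith(ZIP_MAGIC):
            found["b64_zip"] = True
    active = found["script"] or found["event_handler"]
    found["suspicious"] = active and (found["b64_html"] or found["b64_zip"])
    return found


def constructed_samples():
    """Constructed inputs (not campaign samples): one benign SVG, one with embedded blobs."""
    page = base64.b64encode(b"<html><body><form action='#'>placeholder</form></body></html>").decode()
    archive = base64.b64encode(ZIP_MAGIC + bytes(40)).decode()
    benign = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
    flagged = ('<svg xmlns="http://www.w3.org/2000/svg"><script>'
               f'var p = atob("{page}"); var z = "{archive}";</script></svg>')
    return benign, flagged


if __name__ == "__main__":
    for name, svg in zip(("benign", "flagged"), constructed_samples()):
        print(name, triage_svg(svg))
```

Legitimate SVGs often carry Base64 data URIs for images, which is why the check decodes each run and looks at the content rather than flagging Base64 alone.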

Categories: Malware Campaign, Evasion Techniques, Phishing Threats 

Tags: Malware Campaign, Email Attachments, Adobe Flash, Scalable Vector Graphics, JavaScript Payloads, Phishing Page, Detection Evasion, Obfuscation, Polymorphism, Antivirus Detection 
