Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam

A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader , which is then used to drop Amatera Stealer and PureMiner .

"The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The Hacker News.

In the attack chains documented by the cybersecurity company, the SVG files are used to initiate the download of a password-protected ZIP archive, which contains a Compiled HTML Help (CHM) file. The CHM file, when launched, activates a chain of events that culminate in the deployment of CountLoader. The email messages claim to be a notice from the National Police of Ukraine