This attack is carried out via embedded SVG files containing JavaScript, which reassemble a Base64 encoded QBot malware installer, which is automatically downloaded via the target’s browser.

However, threat actors are increasingly using SVG files in their phishing campaigns according to security researcher MalwareHunterTeam, who shared recent samples [1, 2] with BleepingComputer.