Phishing Fiasco: Ukrainian Agencies Impersonated in SVG Malware Mayhem

In a new twist on phishing, attackers impersonate Ukrainian government agencies, using malicious SVG files to drop CountLoader. This leads to the deployment of Amatera Stealer and PureMiner, proving even hackers appreciate a good fileless execution. Welcome to the digital age, where even your graphics can be out to get you.


Hot Take:

Who knew that SVG files could be as dangerous as they are dull? These attackers are getting crafty, using art files to deliver malware—looks like they’re turning phishing into a fine art! Next thing you know, we’ll have to start worrying about interpretive dance-based cyber attacks.

Key Points:

  • Phishing campaign impersonates Ukrainian government, using SVG files to deceive recipients.
  • SVG files initiate download of ZIP archives containing CHM files, leading to CountLoader deployment.
  • CountLoader serves as a vector for Amatera Stealer and PureMiner, both fileless threats.
  • PureCoder’s suite includes PureHVNC RAT, PureMiner, PureCrypter, and more.
  • Parallel campaign observed using copyright infringement themes to deploy PureRAT.
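For defenders triaging the attachment type named in the key points, the following is an added example (not from the article or the vendor research it summarizes) of a mail-gateway style check that flags SVG files that are not passive images. The article does not say how the SVG triggers the ZIP download, so the check assumes any script, event handler, embedded foreign content or remote link is worth quarantining; the function names and sample markup are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can run script or embed foreign content inside an SVG.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
# Link targets that leave the file or carry inline active content.
REMOTE = re.compile(r"^\s*(https?:|//|javascript:|data:text/html)", re.I)

def local(name):
    """Strip an XML namespace prefix: '{ns}href' -> 'href'."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return the reasons an SVG attachment is not a passive image."""
    # Do not hand DTDs or entity declarations to the parser; report them.
    if re.search(r"<!\s*(DOCTYPE|ENTITY)", text, re.I):
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["unparseable"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active-element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.append(f"event-handler:{name}")
            elif name in ("href", "src") and REMOTE.match(value):
                findings.append(f"remote-link:{tag}")
    return findings

def verdict(text):
    """Assumed policy: any finding sends the attachment to quarantine."""
    return "quarantine" if scan_svg(text) else "deliver"

# Constructed samples, not taken from the campaign.
NS = 'xmlns="http://www.w3.org/2000/svg"'
SAMPLES = {
    "benign": f'<svg {NS}><rect width="10" height="10"/></svg>',
    "scripted": f'<svg {NS} onload="go()"><script>/* placeholder */</script></svg>',
    "linked": f'<svg {NS} xmlns:xlink="http://www.w3.org/1999/xlink">'
              '<a xlink:href="https://files.example.invalid/notice.zip">'
              '<text>Open</text></a></svg>',
}

if __name__ == "__main__":
    for name, svg in SAMPLES.items():
        print(name, verdict(svg), scan_svg(svg))
```

Older design tools emit a DOCTYPE in legitimate SVG exports, so the `doctype-or-entity` finding is a reason for review, not proof of malice.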

The Nimble Nerd