Concise Cyber

Hijack Loader and PureHVNC RAT Deployed in Phishing Campaign Targeting Colombia

IBM X-Force Uncovers Targeted Phishing Campaign

Cybersecurity researchers at IBM X-Force have identified a targeted phishing campaign aimed at Spanish-speaking individuals, with a specific focus on entities in Colombia. The operation employs sophisticated social engineering tactics to distribute a multi-stage malware infection, beginning with Hijack Loader and culminating in the deployment of the PureHVNC Remote Access Trojan (RAT). The campaign leverages lures themed around official communications from the Attorney General’s office of Colombia to establish credibility and entice potential victims.

Infection Chain Leverages SVG Files

The attack begins with a phishing email designed to appear as an official notice. These emails prompt the recipient to open an attached Scalable Vector Graphics (SVG) file, which is presented as a crucial document from the judicial information system. When the user interacts with the SVG file, it initiates a download for the first-stage payload. This method is used to bypass initial security filters that may be more focused on traditional malicious attachment types. The download starts the infection chain by executing the Hijack Loader malware on the victim’s system.
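A mail-gateway style check for the SVG attachments described above, as an added example that is not code from IBM X-Force or from this article. The article does not say how the SVG triggers the download, so the check assumes the general ways an SVG can be more than a static image (script elements, event-handler attributes, outbound links); the function names and sample message are constructed for illustration.

```python
import email
import xml.etree.ElementTree as ET
from email import policy
from email.message import EmailMessage

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed"}

def svg_findings(svg_bytes):
    """Return sorted reasons why an SVG is more than a static image."""
    if b"<!ENTITY" in svg_bytes:                  # refuse entity tricks before parsing
        return ["entity-declaration"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["unparseable-svg"]
    reasons = set()
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()   # drop the XML namespace
        if tag in ACTIVE_TAGS:
            reasons.add("active-element:" + tag)
        for name, value in el.attrib.items():
            local = name.rsplit("}", 1)[-1].lower()
            target = value.strip().lower()
            if local.startswith("on"):            # onload, onclick, ...
                reasons.add("event-handler:" + local)
            elif local == "href" and target.startswith(("http:", "https:", "javascript:")):
                reasons.add("link:" + target.split(":", 1)[0])
    return sorted(reasons)

def scan_message(raw_eml):
    """Map each SVG attachment in a raw e-mail to its findings."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "unnamed").lower()
        if name.endswith(".svg") or part.get_content_type() == "image/svg+xml":
            results[name] = svg_findings(part.get_payload(decode=True))
    return results

# Constructed sample inputs (not taken from the campaign).
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
              b'<script>/* constructed */</script><a href="https://example.invalid/doc"/></svg>')
STATIC_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'

def build_sample():
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(ACTIVE_SVG, maintype="image", subtype="svg+xml", filename="notice.svg")
    msg.add_attachment(STATIC_SVG, maintype="image", subtype="svg+xml", filename="logo.svg")
    return msg.as_bytes()
```

Any non-empty finding list is a reason to quarantine or strip the attachment, since a legitimate document image rarely needs scripts or event handlers.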

Once active, Hijack Loader acts as a dropper, responsible for retrieving and executing the final payload. In this campaign, the ultimate goal is to install PureHVNC, a potent Remote Access Trojan. As a RAT, PureHVNC provides attackers with the capability to gain remote control over the compromised computer. This allows for unauthorized access and management of the infected device. The entire attack sequence, from the initial email to the final RAT deployment, was detailed in the findings released by IBM X-Force.

Source: https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html