Not exactly — it’s a bit more than just a link scam.
The SVG actually started a multi-stage infection chain, downloading a password-protected archive with a malicious CHM/HTA that deployed Amatera Stealer and PureMiner.
So it’s a real system compromise, not just a fake site trick.
No comments yet.