GuLoader Unmasked: Decrypting the Threat of Malicious SVG Files
ID: 603d8197-c38c-561d-a137-e5fcc38873fb
STIX ID: report--603d8197-c38c-561d-a137-e5fcc38873fb
Feed Name: McAfee Labs Blog
McAfee Labs analysis describes a GuLoader campaign distributed through malicious SVG attachments. JavaScript embedded in the SVG drops a ZIP containing an obfuscated WSF; the WSF launches PowerShell to fetch base64-encoded payloads from a remote URL, decode the shellcode, and perform process hollowing into MSBuild for execution and persistence. Indicators (SHA256 hashes and a URL) are provided in the report.
