Hackers Use AI-Generated Code to Obfuscate Payloads and Bypass Traditional Defenses


A recent credential phishing campaign detected by Microsoft Threat Intelligence used AI-generated code within an SVG file to disguise malicious behavior.

While the novel obfuscation techniques showcased attacker ingenuity, AI-powered defenses successfully blocked the attack—underscoring that AI-augmented threats remain detectable when defenders adapt analytic strategies.

On August 18, Microsoft Threat Intelligence identified a targeted phishing campaign exploiting a compromised small business email account to distribute credential-stealing emails.

The attackers attached a file named “23mb – PDF- 6 pages.svg,” designed to masquerade as a PDF despite its SVG extension. SVGs are increasingly favored by threat actors because they allow text-based embedding of JavaScript and dynamic content, facilitating sophisticated obfuscation that can slip past static analysis and sandboxing.

Upon opening, the SVG redirected users to a CAPTCHA-based verification page, a familiar social engineering tactic intended to build user trust and delay suspicion.

Security verification prompt.

Although defenders blocked access before the fake login page could appear, investigation revealed that embedded JavaScript within the SVG would have reconstructed a phishing landing page to harvest credentials.

Business Terminology as a Decoy

Rather than employing standard cryptographic obfuscation, the attackers used simulated business-analytics language to conceal their payload.

First, the SVG code began with invisible elements styled as a “Business Performance Dashboard,” complete with chart bars and month labels rendered with zero opacity and transparent fills—decoy artifacts intended to mislead anyone inspecting the file.

Second, the actual payload was encoded within a long sequence of business-related terms (e.g., revenue, operations, risk, shares) stored in a hidden data-analytics attribute of an invisible element.

Sequence of business-related terms.

Embedded JavaScript then processed these terms through multiple transformation steps, mapping sequences of business terms to characters and instructions.

As the script executed, it systematically decoded the metadata to reconstruct functionality for redirection, browser fingerprinting, and session tracking—effectively hiding malicious behavior behind seemingly harmless corporate jargon.

Microsoft Security Copilot’s analysis determined the SVG code was likely generated by a large language model due to its complexity, verbose naming conventions (e.g., processBusinessMetricsf43e08), modular yet over-engineered structure, generic formal comments, and unnecessary inclusion of XML declarations and CDATA wrappers.

These characteristics illustrated typical AI-generated code artifacts, offering additional detection signals.

This systematic approach is characteristic of AI/LLM output, which tends to over-engineer and generalize solutions.

Example of over-engineered logic parsing the business terminology.

Despite the attackers’ use of AI for obfuscation, Microsoft Defender for Office 365’s AI-driven protections thwarted the campaign by analyzing infrastructure, behavior, and message context rather than solely inspecting payload code.

Key detection signals included self-addressed emails with BCC recipients, the suspicious choice of SVG files named like PDFs, redirects to domains linked to known phishing content, generic code obfuscation patterns, and network behaviors such as session tracking and fingerprinting.
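As an added illustration (not Microsoft's detection logic and not code from the campaign), the following Python script triages an SVG attachment for the structural signals described above: a PDF-like name on an .svg file, invisible decoy elements, a data attribute carrying a long run of plain words, and embedded script. The two sample SVGs and their file names are constructed for this example; the thresholds are assumptions.

```python
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"
# Constructed samples, not campaign artifacts: one mimics the traits the report
# describes, the other is an ordinary chart used as a control.
SUSPICIOUS_NAME = "23mb - PDF- 6 pages.svg"
SUSPICIOUS_SVG = """<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="400" height="300">
  <text x="10" y="20" opacity="0">Business Performance Dashboard</text>
  <rect x="10" y="40" width="30" height="80" fill="transparent"/>
  <g style="display:block; opacity: 0" data-analytics="revenue operations risk
     shares revenue growth operations risk shares margin revenue operations"/>
  <script type="text/javascript"><![CDATA[ /* decoder would sit here */ ]]></script>
</svg>"""
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <rect x="10" y="10" width="30" height="80" fill="steelblue"/>
  <text x="10" y="95">Q3</text>
</svg>"""

def is_invisible(el):
    """Zero opacity or transparent fill, given as attribute or inline style."""
    style = dict(p.split(":", 1) for p in el.get("style", "").replace(" ", "").split(";")
                 if ":" in p)
    return (el.get("opacity", style.get("opacity")) == "0"
            or el.get("fill", style.get("fill")) == "transparent")

def is_word_encoded(value, min_words=10):
    """A long run of bare words in one attribute: the 'business terms' carrier."""
    tokens = value.split()
    return len(tokens) >= min_words and all(t.isalpha() for t in tokens)

def triage_svg(filename, svg_text):
    """Count the report's structural signals and combine them into a verdict."""
    root = ET.fromstring(svg_text.encode("utf-8"))
    counts = {"invisible": 0, "word_encoded": 0, "scripts": 0}
    for el in root.iter():
        if el.tag == SVG_NS + "script":
            counts["scripts"] += 1
        if is_invisible(el):
            counts["invisible"] += 1
        for name, value in el.attrib.items():
            if name.startswith("data-") and is_word_encoded(value):
                counts["word_encoded"] += 1
    lower = filename.lower()
    counts["pdf_name"] = lower.endswith(".svg") and "pdf" in lower
    # Script combined with decoys, an encoded blob or a misleading name is the pattern above.
    counts["suspicious"] = counts["scripts"] > 0 and any(
        (counts["invisible"], counts["word_encoded"], counts["pdf_name"]))
    return counts
```

The structural counts are only one input; as the article notes, sender, redirect infrastructure and message context carried most of the detection weight in the real case.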

To bolster defenses against similar AI-aided phishing threats, organizations should:

  1. Implement recommended settings for Exchange Online Protection and Defender for Office 365, including Safe Links for time-of-click URL verification.
  2. Enable Zero-hour Auto Purge (ZAP) to retroactively quarantine malicious emails.
  3. Promote use of browsers with SmartScreen filtering to block known phishing sites.
  4. Deploy cloud-delivered protection in antivirus solutions for rapid defense against novel attack variants.
  5. Adopt phishing-resistant authentication methods and enforce Conditional Access policies requiring strong authentication for critical applications.

As adversaries integrate AI into their offensive toolkits, security teams must continue leveraging AI-driven analytics that focus on attack patterns, infrastructure traits, and behavioral anomalies.

AI-generated obfuscation may evolve, but by shifting detection beyond code syntax to the broader context of phishing tactics, defenders can stay ahead of emerging threats.

Indicators of compromise

The indicators observed in this campaign are summarized below:

| Indicator | Type | Description | First seen | Last seen |
|---|---|---|---|---|
| kmnl[.]cpfcenters[.]de | Domain | Domain hosting phishing content | 08/18/2025 | 08/18/2025 |
| 23mb – PDF- 6 Pages[.]svg | File name | File name of SVG attachment | 08/18/2025 | 08/18/2025 |


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.