Article Details

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security. Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses. "Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure to disguise its malicious intent," the Microsoft Threat Intelligence team said in an analysis published last week. The activity, detected on August 28, 2025, shows how threat actors are increasingly adopting artificial intelligence (AI) tools into their workflows, often with the goal of crafting more convincing phishing lures, automating malware obfuscation, and generating code that mimics legitimate content. In the attack chain documented by the Windows maker, bad actors have been observed leveraging an already compromised business email account to send phishing messages to steal victims' credentials. The messages feature lure masquerading as a file-sharing notification to entice them into opening what ostensibly appears to be a PDF document, but, in reality, is a Scalable Vector Graphics (SVG) file. What's notable about the messages is that the attackers make use of a self-addressed email tactic, where the sender and recipient addresses match, and the actual targets were hidden in the BCC field so as to bypass basic detection heuristics. "SVG files (Scalable Vector Graphics) are attractive to attackers because they are text-based and scriptable, allowing them to embed JavaScript and other dynamic content directly within the file," Microsoft said. "This makes it possible to deliver interactive phishing payloads that appear benign to both users and many security tools." On top of that, the fact that SVG file format supports features such as invisible elements, encoded attributes, and delayed script execution makes it ideal for adversaries looking to sidestep static analysis and sandboxing, it added. The SVG file, once launched, redirects the user to a page that serves a CAPTCHA for security verification, completing which, they are likely taken to a fake login page to harvest their credentials. Microsoft said the exact next stage is unclear due to its systems flagging and neutralizing the threat. But where the attack stands apart is when it comes to its unusual obfuscation approach that uses business-related language to disguise the phishing content in the SVG file -- a sign that it may have been generated using an LLM. "First, the beginning of the SVG code was structured to look like a legitimate business analytics dashboard," Microsoft said. "This tactic is designed to mislead anyone casually inspecting the file, making it appear as if the SVG's sole purpose is to visualize business data. In reality, though, it's a decoy." The second aspect is that the payload's core functionality – which is to redirect users to the initial phishing landing page, trigger browser fingerprinting, and initiate session tracking – is also obscured using a long sequence of business-related terms such as revenue, operations, risk, quarterly, growth, or shares. Microsoft said it ran the code against its Security Copilot, which found that the program was "not something a human would typically write from scratch due to its complexity, verbosity, and lack of practical utility." Some of the indicators it used to arrive at the conclusion include the use of - "While this campaign was limited in scope and effectively blocked, similar techniques are increasingly being leveraged by a range of threat actors," Microsoft said. The disclosure comes as Forcepoint detailed a multi-stage attack sequence that uses phishing emails with .XLAM attachments to execute shellcode that ultimately deploys XWorm RAT by means of a secondary payload, while simultaneously displaying a blank or corrupted Office file as a ruse. The secondary payload functions as a conduit to load a .DLL file in memory. "The second stage .DLL file from memory uses heavily obfuscated packing and encryption techniques," Forcepoint said. "This second stage .DLL file loaded another .DLL file in memory again using reflective DLL injection which was further responsible for final execution of malware." "The next and final step performs a process injection in its own main executable file, maintaining persistence and exfiltrating data to its command-and-control servers. The C2s where data was exfiltrated was found to be related to XWorm family." In recent weeks, phishing attacks have also employed lures related to the U.S. Social Security Administration and copyright infringement to distribute ScreenConnect ConnectWise and information stealers such as Lone None Stealer and PureLogs Stealer, respectively, per Cofense. "The campaign typically spoofs various legal firms claiming to request the takedown of copyright-infringing content on the victim's website or social media page," the email security company said of the second set of attacks. "This campaign is notable for its novel use of a Telegram bot profile page to deliver its initial payload, obfuscated compiled Python script payloads, and evolving complexity as seen through multiple iterations of campaign samples."