A new phishing campaign targeting U.S. organizations uses large language models (LLMs) to obfuscate malicious content within SVG files, Microsoft reports. Detected on August 28, 2025, the attack relies on socially engineered email tactics, including self-addressed messages with the actual recipients hidden in the BCC field to evade detection. The phishing lure masquerades as a file-sharing notification but leads to an SVG file containing harmful scripts disguised as a legitimate business dashboard. The obfuscation is built from business terminology, which makes the malware appear benign to users and security tools. Because SVG is a text-based format, it can carry embedded JavaScript, which facilitates dynamic phishing payloads. Microsoft emphasizes that this approach demonstrates increased AI integration in cybercrime workflows, aimed at creating more convincing threats. Although the campaign was effectively blocked, it signifies a growing trend among threat actors to employ advanced obfuscation techniques, including phishing tactics related to various sectors, such as legal and financial services.
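A defender-side triage check for the two traits described above (mail whose only visible recipient is the sender, and an SVG attachment that carries script), as an added example that is not from Microsoft's report or the original page. The function names, finding labels and sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses
from xml.etree import ElementTree as ET  # for untrusted mail, prefer defusedxml

# Constructed sample: an inert SVG shaped like the lure (dashboard text plus script hooks).
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <text x="10" y="20">Business Performance Dashboard</text>
  <script>/* inert placeholder */</script>
</svg>"""

def svg_active_content(svg):
    """Return sorted findings for script-capable constructs in an SVG (str or bytes)."""
    try:
        root = ET.fromstring(svg)
    except ET.ParseError:
        return ["unparseable-svg"]
    found = set()
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace
        if tag in ("script", "foreignObject"):
            found.add("element:" + tag)
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()
            if attr.startswith("on"):
                found.add("event-handler:" + attr)
            elif attr == "href" and value.strip().lower().startswith("javascript:"):
                found.add("javascript-href")
    return sorted(found)

def triage(raw):
    """Flag mail whose visible recipients equal the sender and that carries an active SVG."""
    msg = message_from_string(raw, policy=policy.default)
    sender = {a.lower() for _, a in getaddresses(msg.get_all("From", []))}
    visible = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".svg") or part.get_content_type() == "image/svg+xml":
            findings += svg_active_content(part.get_content())
    # BCC recipients never appear in delivered headers, so the gateway sees To == From.
    return {"self_addressed": bool(sender) and visible == sender, "svg_findings": findings}

def sample_message():  # constructed message; the address is a placeholder
    m = EmailMessage()
    m["From"] = m["To"] = "user@example.com"
    m["Subject"] = "Shared file"
    m.set_content("A file was shared with you.")
    m.add_attachment(SAMPLE_SVG.encode(), maintype="image", subtype="svg+xml", filename="dashboard.svg")
    return m.as_string()
```

Neither signal is conclusive on its own; the combination is what makes a message worth quarantining for review.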