Microsoft disclosed a phishing campaign from August 28 that used SVG files containing embedded JavaScript code, obfuscated via business-term encodings to appear benign and bypass filters.
Attackers disguised the payload by embedding terms like “revenue” or “shares” into invisible SVG elements. The files were presented as PDFs to lure recipients into opening them.
Microsoft’s analysis suggests the code was generated (or assisted) by a large language model (LLM), given stylistic artifacts, verbosity, and structural patterns uncommon in hand-written code. The campaign emphasizes how AI is being weaponized to craft more deceptive cyberattacks, requiring defenders to evolve detection methods.
