
"The activity, detected on August 28, 2025, shows how threat actors are increasingly adopting artificial intelligence (AI) tools into their workflows, often with the goal of crafting more convincing phishing lures, automating malware obfuscation, and generating code that mimics legitimate content. In the attack chain documented by the Windows maker, bad actors have been observed leveraging an already compromised business email account to send phishing messages to steal victims' credentials."
"What's notable about the messages is that the attackers make use of a self-addressed email tactic, where the sender and recipient addresses match, and the actual targets were hidden in the BCC field so as to bypass basic detection heuristics. 'SVG files (Scalable Vector Graphics) are attractive to attackers because they are text-based and scriptable, allowing them to embed JavaScript and other dynamic content directly within the file,' Microsoft said. 'This makes it possible to deliver interactive phishing payloads that appear benign to both users and many security tools.'"
Threat actors leveraged large language model–generated code to hide malicious behavior inside Scalable Vector Graphics (SVG) files, enabling interactive phishing payloads that evade detection. The campaign targeted U.S.-based organizations and used compromised business email accounts to send messages masquerading as file-sharing notifications, with recipients hidden in BCC and a self-addressed sender tactic to bypass heuristics. SVG features such as embedded JavaScript, invisible elements, encoded attributes, and delayed script execution were abused to conceal payloads. The overall objectives included credential theft, more convincing lures, automated obfuscation, and generating code that mimics legitimate content.
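A triage check for SVG mail attachments that looks for the four features named above (embedded script, invisible elements, encoded attributes, delayed execution). This is an added example, not code from Microsoft or The Hacker News; the finding labels, thresholds and sample files are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Finding labels are this example's own, not Microsoft's detection names.
ENCODED = re.compile(r"[A-Za-z0-9+/]{80,}")  # long base64-like run (also hits inline images)
DELAY = re.compile(r"\b(?:setTimeout|setInterval)\s*\(")

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()

def is_invisible(attrs):
    style = attrs.get("style", "").replace(" ", "") + ";"
    return (attrs.get("display") == "none" or attrs.get("visibility") == "hidden"
            or attrs.get("opacity") in ("0", "0.0")
            or any(s in style for s in ("display:none", "visibility:hidden", "opacity:0;")))

def triage_svg(svg_text):
    """Return the set of heuristic findings for one SVG attachment."""
    if re.search(r"<!(?:DOCTYPE|ENTITY)", svg_text, re.I):
        return {"dtd-present"}  # do not expand entity declarations from untrusted mail
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return {"malformed-xml"}
    findings = set()
    for el in root.iter():
        attrs = {local(k): v.strip().lower() for k, v in el.attrib.items()}
        if local(el.tag) == "script":
            findings.add("script-element")
            if DELAY.search(el.text or ""):
                findings.add("delayed-execution")
        if any(k.startswith("on") for k in attrs):
            findings.add("event-handler")
        if is_invisible(attrs):
            findings.add("invisible-element")
        if any(ENCODED.search(v) for v in el.attrib.values()):
            findings.add("encoded-attribute")
    return findings

# Constructed samples; the script body is an inert placeholder.
BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10" fill="blue"/></svg>'
SUSPICIOUS = ('<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
              '<text opacity="0" data-blob="' + "QUFB" * 30 + '">quarterly report</text>'
              '<script><![CDATA[setTimeout(function () { /* placeholder */ }, 3000);]]></script></svg>')

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, sorted(triage_svg(doc)))
```

These are string and structure heuristics for routing a file to review; a finding such as `encoded-attribute` also fires on legitimate inline images, so treat the set as a score input rather than a verdict.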
Read at The Hacker News