- AI-generated code used in a phishing campaign, blocked by Microsoft Defender
- Attackers used an SVG file disguised as a PDF, with hidden business-themed code inside
- Security Copilot flagged AI-style traits, such as verbose identifiers and generic comments
AI-generated code is now used across industries for a range of tasks, and in cybersecurity both security teams and attackers are increasingly turning to large language models to support their work.
Defenders use AI to discover and respond to threats at scale, while attackers are experimenting with it to create phishing lures, generate obfuscated code and hide malicious payloads.
Microsoft Threat Intelligence recently discovered and blocked a phishing campaign which it believes used AI-generated code to hide its payload inside an SVG file.
Polished but not practical
The campaign used a compromised small-business email account to send self-addressed messages, with the actual targets hidden in the BCC field; the attachment was named to look like a PDF while actually carrying SVG content.
The SVG file contained invisible elements styled to look like a business dashboard, while a script inside it converted a sequence of business-related terms into code that revealed a hidden payload.
When opened, the file redirected users to a CAPTCHA verification page, a common social engineering tactic that can lead on to a fake sign-in page aimed at harvesting credentials.
The obfuscation relied on chained business terms and formulaic code patterns rather than cryptographic techniques.
Security Copilot analyzed the file and flagged markers consistent with LLM output, such as long descriptive identifiers, repetitive modular structures, generic comments and an unusual combination of an XML declaration and CDATA.
These features made the code look polished on the surface but impractical, leading analysts to conclude it was probably generated by AI.
The researchers used AI-powered tools in Microsoft Defender for Office 365 to correlate clues that were harder for attackers to hide.
The system flagged the unusual self-addressed email pattern, the odd SVG file disguised as a PDF, the redirect to a known phishing site, the hidden code inside the file and the tracking techniques used on the phishing page.
The campaign was limited in scope, was blocked, and primarily targeted US organizations, but Microsoft notes that it illustrates how attackers are increasingly experimenting with AI to create convincing lures and complex payloads.
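As an added defender-side example (not code from Microsoft or from the article), the Python triage script below checks an attachment for the indicators the article lists: a PDF filename over SVG bytes, an embedded script, the XML-declaration-plus-CDATA combination, invisible elements, verbose identifiers and repeated generic comments. The sample attachment, the regexes and the thresholds are constructed assumptions, not values from the campaign.

```python
import re
# Constructed sample (not from the campaign): a file named like a PDF whose bytes are an
# SVG with an XML declaration, a CDATA-wrapped script, invisible text and verbose identifiers.
SAMPLE_NAME = "Quarterly_Report.pdf"
SAMPLE_BYTES = b"""<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="800" height="600">
  <g opacity="0"><text>Revenue</text><text>Operations</text><text>Shares</text></g>
  <script><![CDATA[
    // Initialize the business dashboard data structures
    var businessDashboardTermSequence = ["revenue", "operations", "shares"];
    // Process each dashboard term in the sequence
    var processedDashboardTermCollection = [];
  ]]></script>
</svg>"""

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.S | re.I)
IDENTIFIER_RE = re.compile(r"\b(?:var|let|const)\s+([A-Za-z_$][\w$]*)")
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
HIDDEN_RE = re.compile(r'opacity="0"|display:\s*none|visibility:\s*hidden')

def extension_mismatch(name, data):
    """True when the filename claims PDF but the bytes start like XML/SVG, not %PDF-."""
    head = data.lstrip()[:64]
    return name.lower().endswith(".pdf") and head.startswith((b"<?xml", b"<svg"))

def svg_indicators(data):
    """Heuristics mirroring the markers analysts flagged on the campaign's SVG."""
    text = data.decode("utf-8", errors="replace")
    scripts = "\n".join(SCRIPT_RE.findall(text))  # only inspect script bodies
    idents = IDENTIFIER_RE.findall(scripts)
    return {
        "has_script": bool(scripts.strip()),
        "xml_decl_with_cdata": text.lstrip().startswith("<?xml") and "<![CDATA[" in text,
        "hidden_elements": HIDDEN_RE.search(text) is not None,
        "avg_identifier_len": sum(map(len, idents)) / len(idents) if idents else 0.0,
        "comment_count": len(COMMENT_RE.findall(scripts)),
    }

def score_attachment(name, data):
    """Return (number of indicators hit, reasons) for attachment triage; thresholds are assumed."""
    ind = svg_indicators(data)
    checks = [
        (extension_mismatch(name, data), "filename claims PDF but content is SVG"),
        (ind["has_script"], "SVG carries a <script> element"),
        (ind["xml_decl_with_cdata"], "XML declaration combined with CDATA"),
        (ind["hidden_elements"], "invisible elements present"),
        (ind["avg_identifier_len"] >= 20, "verbose identifiers (avg %.0f chars)" % ind["avg_identifier_len"]),
        (ind["comment_count"] >= 2, "repeated generic comments in script"),
    ]
    reasons = [msg for hit, msg in checks if hit]
    return len(reasons), reasons
```

Run on the constructed sample, all six indicators fire; a genuine PDF or a plain SVG named as such scores zero, so the count works as a quick triage signal rather than a verdict.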
Via Infosecurity Magazine