- Hackers use AI tools to hide phishing code in SVG files disguised as business diagrams
- Malicious SVGs encoded the payload using business terms, decoded by hidden scripts to steal data
- Microsoft attributes the complex obfuscation to AI-generated code, not typical human-written malware
We’ve all heard of GenAI being used to craft the bodies of convincing phishing emails, but Microsoft researchers have now discovered a campaign where threat actors took AI in phishing a step further: to better hide malicious code in plain sight.
In a report shared with TechRadar Pro, Microsoft said it observed a new phishing campaign that came from a compromised email account belonging to a small business. The technique was nothing extraordinary: attackers sent the message back to the compromised account and targeted victims through the BCC field, a standard tactic to avoid being discovered.
The email itself shared a malicious file whose goal was to harvest people’s login credentials. It was an SVG file disguised as a PDF. Nothing unusual here either. SVG files are scalable vector graphics used for web images. Because they support embedded scripts, they can be exploited for phishing: attackers can hide malicious JavaScript inside, bypass filters and fool users into clicking harmful links.
But then things get interesting.
Unique method of obfuscation
After analyzing the SVG code, Microsoft found that its method of obfuscation and its behavior were quite unique.
“Instead of using a cryptographic veil, often used to obscure phishing content, the SVG code in this campaign used business-related language to hide its malicious activity,” the report reads.
As it turns out, the attackers hid malware inside SVG files by making them look like normal business diagrams.
The charts were invisible, so anyone who opened the file would just see empty graphics.
They also encoded the malicious code as a series of business words such as “revenue” and “shares”, and a hidden script would then read these words, decode them and transform them into actions such as redirecting the browser to a phishing site, tracking the user and collecting browser info.
In essence, the file looked harmless, but it secretly ran a program that stole data and tracked activity.
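A defender-side triage sketch for the traits described above (an embedded script, invisible chart elements, long runs of business words), added here as an example and not taken from Microsoft's report. The word list, thresholds, finding names and both sample SVGs are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted mail, parse with defusedxml instead

# Assumed word list and thresholds for this sketch; not values from Microsoft's report.
BUSINESS_TERMS = {"revenue", "shares", "growth", "risk", "operations", "quarterly"}
MIN_WORDS, MIN_RATIO = 8, 0.8
ZERO_OPACITY = re.compile(r"opacity:0(\.0+)?(;|$)")

def local(name):
    """Strip an XML namespace prefix such as {http://www.w3.org/2000/svg}."""
    return name.rsplit("}", 1)[-1].lower()

def is_invisible(el):
    """True when attributes or inline style make the element render as nothing."""
    style = el.get("style", "").replace(" ", "").lower()
    return (el.get("opacity") in ("0", "0.0") or el.get("display") == "none"
            or el.get("visibility") == "hidden" or bool(ZERO_OPACITY.search(style))
            or "display:none" in style or "visibility:hidden" in style)

def is_term_run(value):
    """True when a string is mostly a long run of business vocabulary."""
    words = re.findall(r"[a-z]+", value.lower())
    hits = sum(w in BUSINESS_TERMS for w in words)
    return len(words) >= MIN_WORDS and hits / len(words) >= MIN_RATIO

def triage_svg(svg_text):
    """Return sorted finding names for one SVG attachment."""
    findings = set()
    for el in ET.fromstring(svg_text).iter():
        if local(el.tag) == "script":
            findings.add("embedded-script")
        if is_invisible(el):
            findings.add("invisible-element")
        if any(local(a).startswith("on") for a in el.attrib):
            findings.add("event-handler")
        if any(is_term_run(v) for v in [*el.attrib.values(), el.text or ""]):
            findings.add("business-term-run")
    return sorted(findings)

# Constructed samples: an ordinary visible chart, and a file shaped like the one described.
BENIGN = """<svg xmlns="http://www.w3.org/2000/svg" width="200" height="100">
  <rect x="10" y="20" width="30" height="60" fill="#36c"/>
  <text x="10" y="95">Revenue Q1</text></svg>"""
SUSPICIOUS = """<svg xmlns="http://www.w3.org/2000/svg" width="400" height="250">
  <rect x="0" y="0" width="400" height="250" opacity="0"/>
  <text opacity="0" data-metrics="revenue shares growth risk revenue operations shares quarterly growth revenue">Dashboard</text>
  <script>/* script body omitted in this constructed sample */</script></svg>"""

if __name__ == "__main__":
    print(triage_svg(BENIGN), triage_svg(SUSPICIOUS))
```

Any single finding is weak on its own; an SVG mail attachment that combines a script with invisible elements and a term run is the pattern worth quarantining for review.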
This must have been the work of an AI, Microsoft added: Microsoft Security Copilot considered the code “not something that a human would typically write from scratch because of its complexity, verbosity and lack of practical use.”



