A credential phishing campaign that likely relied on AI-generated code to evade detection has been stopped by Microsoft Threat Intelligence.
The attack, which targeted organizations in the US, attempted to disguise its payload inside an SVG file that appeared to be a PDF.
On August 18, attackers used a compromised small business email account to send phishing emails. The messages were self-addressed, with real targets hidden in the Bcc field and made to look like file-sharing notifications. Attached was a file named “23mb – PDF- 6 pages.svg.”
SVG files are particularly useful for attackers because they can contain embedded scripts. In this case, the file redirected recipients to a fake CAPTCHA page and was likely intended to lead to a fraudulent sign-in form.
Read more on phishing attack trends: Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks
The code inside the SVG stood out for its unusual obfuscation. Instead of encryption, the attackers disguised the payload using business-related language. Invisible elements created the appearance of a business performance dashboard, while terms like “revenue,” “operations” and “risk” were encoded as hidden attributes.
Embedded JavaScript then decoded these terms into malicious instructions, such as redirecting browsers and tracking sessions.
The Role of AI
Microsoft’s Security Copilot assessed that the code was almost certainly generated with the help of a large language model. The reasoning was based on several traits, including:
-
Overly descriptive function names with random suffixes
-
Modular, over-engineered code blocks
-
Verbose and generic comments written in formal business language
-
Formulaic obfuscation techniques
-
Unusual use of CDATA and XML declarations
“This is not something a human would typically write from scratch,” Microsoft noted, citing the complexity and verbosity of the attack code.
How the Attack was Stopped
Even with the code’s novel obfuscation techniques, Microsoft Defender for Office 365 was able to detect and block the campaign by relying on patterns in infrastructure, delivery methods and message context.
In this case, the protection platform flagged a series of anomalies: the emails were self-addressed with hidden BCC recipients; the attached file used an uncommon SVG format disguised as a PDF; and the redirected domain had already been linked to phishing activity.
Analysts also noted code obfuscation and suspicious network behavior such as session tracking and browser fingerprinting. Taken together, these signals were enough to shut down the campaign before it could advance.
Microsoft emphasized that AI-generated obfuscation may create more polished or verbose code, but it also introduces new artifacts. These artifacts can themselves become detection signals, meaning that attackers gain sophistication but also leave behind fresh traces for defenders to exploit.
Recommendations for Organizations
To reduce risk from similar threats, Microsoft advises organizations to:
-
Use Safe Links in Microsoft Defender for Office 365
-
Enable Zero-hour Auto Purge (ZAP)
-
Adopt phishing-resistant authentication methods
-
Turn on cloud-delivered protection in antivirus solutions
The case highlights a growing trend. Both cyber-criminals and defenders are turning to AI, but security systems remain capable of identifying and neutralizing emerging, AI-aided threats.
