Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses.
“Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure to disguise its malicious intent,” the Microsoft Threat Intelligence team said in an analysis published last week.
“SVG files (Scalable Vector Graphics) are attractive to attackers because they are text-based and scriptable, allowing them to embed JavaScript and other dynamic content directly within the file,” Microsoft said. “This makes it possible to deliver interactive phishing payloads that appear benign to both users and many security tools.”
What sets the attack apart is its unusual obfuscation approach, which uses business-related language to disguise the phishing content in the SVG file, a sign that it may have been generated using an LLM.
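Because an SVG is XML that can carry script, a mail-side check can parse the attachment and flag active content instead of treating it as a static image. The following is an added example, not code from Microsoft's analysis or the original article; the sample SVGs, the function names and the quarantine policy are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: business-themed SVG carrying inert placeholder active content.
SAMPLE_ACTIVE = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <title>Quarterly Performance Dashboard</title>
  <rect width="10" height="10" onload="init()"/>
  <a xlink:href="javascript:void(0)"><text>Open</text></a>
  <script type="text/javascript"><![CDATA[ /* placeholder */ ]]></script>
</svg>"""

# Constructed sample: a purely static drawing.
SAMPLE_STATIC = """<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>"""

ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return (kind, element, detail) findings for script-capable content."""
    # Note: for untrusted mail, a hardened parser such as defusedxml is preferable
    # to the standard-library parser used here to keep the example dependency-free.
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # Fail closed: a file we cannot parse is reported, not waved through.
        return [("unparseable", "-", str(exc))]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(("active-element", tag, ""))
        for attr, value in el.attrib.items():
            name = local(attr)
            compact = "".join(value.split()).lower()  # defeat whitespace-split schemes
            if name.startswith("on"):
                findings.append(("event-handler", tag, name))
            elif name in URL_ATTRS and compact.startswith(("javascript:", "data:text/html")):
                findings.append(("script-url", tag, name))
    return findings

def verdict(text):
    """Hypothetical policy: any finding sends the attachment to quarantine."""
    return "quarantine" if scan_svg(text) else "allow"
```

The check keys on structure (script elements, event-handler attributes, script-scheme URLs), so business-sounding names and labels inside the file do not change the result.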