Ethical Hacking News
Artificial intelligence-powered phishing campaigns are on the rise, using Scalable Vector Graphics (SVG) files and large language models (LLMs) to evade email security defenses. As AI-driven phishing operations become more prevalent, cybersecurity experts are warning organizations to be vigilant and take steps to protect themselves against these threats.
The recent phishing campaign utilizes large language models (LLMs) to obfuscate payloads and evade security defenses. The attackers used business terminology and a synthetic structure to disguise their malicious intent, making it harder to detect. The phishing campaign uses self-addressed emails with hidden targets in the BCC field to bypass basic detection heuristics. The attackers employed a long sequence of business-related terms to obscure the payload's core functionality. Microsoft's Security Copilot tool was used to analyze the code and identify indicators that suggested it was not written by a human. The attack uses an unusual obfuscation approach using business-related language to disguise phishing content in SVG files. The trend of AI-powered phishing operations is expected to continue, making it essential for security teams to stay informed and implement robust email security measures.
In recent weeks, cybersecurity experts have been sounding the alarm about a new phishing campaign that has been utilizing large language models (LLMs) to obfuscate payloads and evade security defenses. The campaign, which was detected on August 28, 2025, is believed to be linked to an AI-driven phishing operation that is using Scalable Vector Graphics (SVG) files to spread malicious content.
According to Microsoft Threat Intelligence, the activity in question appeared to be aided by a large language model (LLM), with the attackers utilizing business terminology and a synthetic structure to disguise their malicious intent. The activity was detected on August 28, 2025, when Microsoft's security systems flagged an unusual phishing campaign that used SVG files to deliver interactive payloads.
The phishing campaign is notable for its use of a self-addressed email tactic, where the sender and recipient addresses match, and the actual targets were hidden in the BCC field so as to bypass basic detection heuristics. The attackers also made use of a long sequence of business-related terms such as revenue, operations, risk, quarterly, growth, or shares to obscure the payload's core functionality.
Microsoft's Security Copilot tool was used to analyze the code and identify indicators that suggested it was not something a human would typically write from scratch due to its complexity, verbosity, and lack of practical utility. The analysis revealed overly descriptive and redundant naming for functions and variables, highly modular and over-engineered code structure, generic and verbose comments, formulaic techniques to achieve obfuscation using business terminology, and the use of CDATA and XML declaration in the SVG file.
The attack stands apart from other phishing campaigns due to its unusual obfuscation approach that uses business-related language to disguise the phishing content in the SVG file. This tactic is designed to mislead anyone casually inspecting the file, making it appear as if the SVG's sole purpose is to visualize business data. In reality, though, it's a decoy.
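The delivery and file traits described above (sender equal to recipient, an SVG attachment carrying a script, CDATA, an XML declaration and padding with business terms) can be checked statically at the mail gateway. The following triage sketch is an added example, not Microsoft's detection logic; the function names, the sample message and the decision rule are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Business terms the article lists as padding around the payload.
BUSINESS_TERMS = {"revenue", "operations", "risk", "quarterly", "growth", "shares"}

def svg_indicators(svg_text):
    """Static indicators for one SVG attachment (no rendering, no execution)."""
    words = re.findall(r"[a-z]+", svg_text.lower())
    return {
        "script": bool(re.search(r"<script\b", svg_text, re.I)),
        "cdata": "<![CDATA[" in svg_text,
        "xml_decl": svg_text.lstrip().startswith("<?xml"),
        "term_hits": sum(1 for w in words if w in BUSINESS_TERMS),
    }

def triage(raw_message):
    """Flag self-addressed mail that carries a script-bearing SVG."""
    # Bcc is normally absent on the delivered copy, so From == To is the signal.
    msg = message_from_string(raw_message, policy=policy.default)
    sender = {a.lower() for _, a in getaddresses([str(msg.get("From", ""))]) if a}
    to = {a.lower() for _, a in getaddresses([str(v) for v in msg.get_all("To", [])]) if a}
    findings = {"self_addressed": bool(sender) and sender == to, "svgs": []}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "image/svg+xml" or name.endswith(".svg"):
            body = part.get_content()
            if isinstance(body, bytes):
                body = body.decode("utf-8", "replace")
            findings["svgs"].append(svg_indicators(body))
    findings["suspicious"] = findings["self_addressed"] and any(
        s["script"] for s in findings["svgs"])
    return findings

def sample_message():
    """Constructed sample: sender equals recipient, inert SVG attachment."""
    m = EmailMessage()
    m["From"] = m["To"] = "user@example.com"
    m.set_content("See attachment.")
    svg = ('<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg">'
           '<text opacity="0">revenue operations risk quarterly growth</text>'
           '<script><![CDATA[/* inert placeholder */]]></script></svg>')
    m.add_attachment(svg.encode(), maintype="image", subtype="svg+xml",
                     filename="report.svg")
    return m.as_string()
```

Calling `triage(sample_message())` returns the per-attachment indicators plus the combined verdict; how many term hits should count as padding is a tuning decision for the deployment and is left out of the rule here.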
The phishing campaign is just one example of how threat actors are increasingly adopting artificial intelligence (AI) tools into their workflows, often with the goal of crafting more convincing phishing lures, automating malware obfuscation, and generating code that mimics legitimate content. This trend is expected to continue as AI-powered phishing operations become more prevalent.
In recent weeks, phishing attacks have also employed lures related to the U.S. Social Security Administration and copyright infringement to distribute ConnectWise ScreenConnect and information stealers such as Lone None Stealer and PureLogs Stealer, respectively. The campaigns typically spoof various legal firms claiming to request the takedown of copyright-infringing content on the victim's website or social media page.
The phishing attacks are a growing concern for cybersecurity experts, who are warning organizations to be vigilant and take steps to protect themselves against AI-driven phishing operations. As threat actors continue to adapt and evolve their tactics, it is essential that security teams stay ahead of the curve by implementing robust email security measures and staying informed about emerging threats.
In conclusion, the new phishing campaign that has been utilizing LLMs to evade email security defenses highlights the growing concern for cybersecurity in the digital age. As AI-powered phishing operations become more prevalent, it is crucial for organizations to take proactive steps to protect themselves against these threats.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Phishing-Campaigns-Leverage-AI-Tools-to-Evade-Email-Security-A-Growing-Concern-for-Cybersecurity-ehn.shtml
https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html
Published: Tue Sep 30 01:43:12 2025 by llama3.2 3B Q4_K_M