OVERVIEW
Microsoft has identified a phishing campaign using malicious SVG (Scalable Vector Graphics) files disguised as PDFs or file-sharing notifications. These files contain hidden scripts that redirect users to CAPTCHA pages and then to fake login portals to steal credentials. The attack is notable for its likely use of AI (LLMs) to generate verbose, business-themed code that appears legitimate and evades detection, and for employing a self-addressed email tactic where the real targets are hidden in BCC. Although the campaign was limited and blocked, it highlights the growing sophistication of AI-driven phishing and the importance of strong email security and user awareness.
TECHNICAL DETAILS
- Malware Type: SVG-embedded JavaScript used to redirect victims to CAPTCHA and fake login pages for credential harvesting; potential secondary payloads include information stealers and RATs.
- Delivery Vector: Malspam emails with .svg attachments disguised as PDFs; self-addressed emails with real recipients in BCC; sometimes sent from compromised…..
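
A triage check for the delivery pattern listed above, written in Python as an added example (not code from Microsoft or from this advisory): it flags a message whose only To address equals its sender and whose SVG attachment carries script-capable content. The addresses, the file name, the `pdf`-in-name heuristic and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

def svg_active_content(svg_bytes):
    """List script-capable constructs found in an SVG document."""
    if b"<!ENTITY" in svg_bytes:  # do not expand attacker-supplied entities
        return ["entity declaration, not parsed"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["unparseable SVG"]
    reasons = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1].lower() == "script":  # namespace stripped
            reasons.append("<script> element")
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()
            if attr.startswith("on"):
                reasons.append(f"event handler {attr}")
            elif attr == "href" and value.strip().lower().startswith("javascript:"):
                reasons.append("javascript: href")
    return reasons

def triage(raw_message):
    """Return findings for one RFC 5322 message supplied as bytes."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    to = [a.lower() for _, a in getaddresses([str(h) for h in msg.get_all("To", [])])]
    if sender and to == [sender]:
        findings.append("self-addressed; real recipients may be in BCC")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".svg") or part.get_content_type() == "image/svg+xml":
            if "pdf" in name:  # assumed heuristic for a PDF-themed file name
                findings.append(f"SVG named like a PDF: {name}")
            body = part.get_payload(decode=True) or b""
            findings += [f"{name}: {r}" for r in svg_active_content(body)]
    return findings

def sample_message():  # constructed sample; the script body is an inert comment
    svg = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
           b"<script>/* inert placeholder */</script></svg>")
    m = EmailMessage()
    m["From"] = m["To"] = "user@example.com"
    m.set_content("See attached.")
    m.add_attachment(svg, maintype="image", subtype="svg+xml", filename="statement-pdf.svg")
    return m.as_bytes()
```

In a production mail gateway, a hardened XML parser such as defusedxml would replace the simple entity pre-check used here.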



