Microsoft blocks phishing scam which used AI-generated code to trick users (www.techradar.com)

🤖 AI Summary
Microsoft blocked a targeted phishing campaign that used AI-generated code embedded in an SVG file disguised as a PDF. Attackers sent self-addressed messages from a compromised small-business account (real targets hidden in BCC), attaching an SVG that visually mimicked a business dashboard but contained scriptable elements. The script concatenated business-themed words into code to reveal a hidden payload, then redirected victims through a CAPTCHA gate to a fake sign-in page designed to harvest credentials. The obfuscation relied on concatenated terms and formulaic patterns rather than strong cryptography, and the campaign was limited, US-focused and quickly contained by Microsoft Defender for Office 365. The case is significant because Security Copilot and Defender flagged telltale LLM “fingerprints” — long, verbose identifiers, repetitive modular structures, generic comments, and an unusual XML+CDATA mix — that made the code look polished but impractical. Microsoft’s detection combined AI-driven static analysis with contextual signals (self-addressed emails, odd SVG-as-PDF, redirects to known phishing pages, hidden code, tracking on the phishing page) to block the attack. The incident highlights an accelerating arms race: defenders are leveraging AI to find LLM artifacts and anomalous patterns at scale, while attackers experiment with generative models to craft convincing but detectable lures, underscoring the need for advanced tooling and user awareness.
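As an added example (not code from Microsoft or the article), here is a minimal Python triage pass over some of the signals listed above: an SVG whose name advertises a PDF, scriptable content, script wrapped in CDATA, unusually long identifiers, and a self-addressed message. The function name, signal names, the 30-character identifier threshold and the sample inputs are assumptions constructed for illustration.

```python
import re

# Patterns and thresholds are assumptions for this example, not Microsoft's rules.
SVG_ROOT = re.compile(r"<\s*svg\b", re.I)
SCRIPT_TAG = re.compile(r"<\s*script\b(.*?)</\s*script\s*>", re.I | re.S)
EVENT_ATTR = re.compile(r"\son[a-z]+\s*=", re.I)   # inline handlers such as onload=
LONG_IDENT = re.compile(r"\b[A-Za-z_][A-Za-z0-9_]{29,}\b")  # 30+ characters

# Constructed, inert sample: the script body does nothing.
SAMPLE_SVG = """<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" width="200" height="100">
  <rect width="200" height="100" fill="#eee"/>
  <script type="text/javascript"><![CDATA[
    function processBusinessMetricsDataForQuarterlyDashboard() { return 0; }
  ]]></script>
</svg>"""
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'


def triage_svg_attachment(filename, content, sender, to_addrs):
    """Return the sorted list of signals a message/attachment pair trips."""
    signals = set()
    is_svg = bool(SVG_ROOT.search(content))
    # SVG content behind a file name that advertises a PDF.
    if is_svg and ".pdf" in filename.lower():
        signals.add("svg_named_as_pdf")
    if is_svg:
        scripts = SCRIPT_TAG.findall(content)
        if scripts or EVENT_ATTR.search(content):
            signals.add("scriptable_svg")
        if any("<![CDATA[" in body for body in scripts):
            signals.add("script_in_cdata")
        if any(LONG_IDENT.search(body) for body in scripts):
            signals.add("verbose_identifiers")
    # Self-addressed: the only visible recipient is the sender (targets in BCC).
    visible = {addr.strip().lower() for addr in to_addrs}
    if visible == {sender.strip().lower()}:
        signals.add("self_addressed")
    return sorted(signals)


if __name__ == "__main__":
    me = "owner@smallbiz.example"  # constructed address
    print(triage_svg_attachment("statement.pdf.svg", SAMPLE_SVG, me, [me]))
    print(triage_svg_attachment("logo.svg", BENIGN_SVG, me, ["peer@corp.example"]))
```

No single signal here is conclusive on its own; the summary describes detection as a combination of code-level and contextual signals, which is why the function returns every signal tripped rather than a verdict.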