Microsoft researchers have uncovered a sophisticated phishing campaign where hackers use artificial intelligence to hide malicious code inside business chart graphics, marking a new evolution in AI-powered cyberattacks. The technique disguises harmful JavaScript within seemingly innocuous SVG files by encoding malware as business terminology like “revenue” and “shares,” which hidden scripts then decode to steal user credentials and browser data.
What you should know: The attack method represents a significant advancement in phishing obfuscation techniques that bypasses traditional security filters.
- Hackers compromised a small business email account and used it to distribute malicious SVG files disguised as PDF documents through BCC targeting.
- The SVG files appeared as blank business charts but contained invisible malicious code encoded using business-related language.
- Hidden scripts decoded the business terms into executable commands that redirected browsers to phishing sites and harvested login credentials.
How the AI obfuscation works: Instead of typical cryptographic methods, the attackers used business vocabulary to mask their malicious intent.
- The malware was encoded as strings of legitimate business words like “revenue” and “shares” rather than traditional code obfuscation.
- Charts remained completely invisible to users, showing only blank graphics when opened.
- Background scripts automatically read the encoded business terms, decoded them, and executed malicious actions including user tracking and data collection.
In plain English: Think of it like hiding a secret message in a business report—the attackers took harmful computer code and disguised it as normal business words, then programmed the file to automatically translate those words back into malicious actions when someone opened it.
Why this matters: Microsoft’s analysis indicates the code complexity suggests AI generation rather than human programming.
- Microsoft Security Copilot, the company’s AI security tool, assessed that the code was “not something a human would typically write from scratch due to its complexity, verbosity, and lack of practical utility.”
- The technique exploits SVG files’ ability to embed JavaScript, allowing attackers to bypass security filters more effectively than traditional methods.
- This represents an escalation from AI simply crafting convincing phishing email content to actually generating sophisticated code obfuscation techniques.
The bigger picture: SVG files present unique security challenges due to their dual nature as both graphics and executable content.
- As scalable vector graphics supporting embedded scripts, SVG files are increasingly exploited for phishing attacks.
- The business terminology encoding makes detection significantly more difficult for both automated security systems and human analysts.
- This campaign demonstrates how threat actors are leveraging AI not just for social engineering but for technical evasion capabilities.
Recent Stories
DOE fusion roadmap targets 2030s commercial deployment as AI drives $9B investment
The Department of Energy has released a new roadmap targeting commercial-scale fusion power deployment by the mid-2030s, though the plan lacks specific funding commitments and relies on scientific breakthroughs that have eluded researchers for decades. The strategy emphasizes public-private partnerships and positions AI as both a research tool and motivation for developing fusion energy to meet data centers' growing electricity demands. The big picture: The DOE's roadmap aims to "deliver the public infrastructure that supports the fusion private sector scale up in the 2030s," but acknowledges it cannot commit to specific funding levels and remains subject to Congressional appropriations. Why...
Oct 17, 2025Tying it all together: Credo’s purple cables power the $4B AI data center boom
Credo, a Silicon Valley semiconductor company specializing in data center cables and chips, has seen its stock price more than double this year to $143.61, following a 245% surge in 2024. The company's signature purple cables, which cost between $300-$500 each, have become essential infrastructure for AI data centers, positioning Credo to capitalize on the trillion-dollar AI infrastructure expansion as hyperscalers like Amazon, Microsoft, and Elon Musk's xAI rapidly build out massive computing facilities. What you should know: Credo's active electrical cables (AECs) are becoming indispensable for connecting the massive GPU clusters required for AI training and inference. The company...
Oct 17, 2025Vatican launches Latin American AI network for human development
The Vatican hosted a two-day conference bringing together 50 global experts to explore how artificial intelligence can advance peace, social justice, and human development. The event launched the Latin American AI Network for Integral Human Development and established principles for ethical AI governance that prioritize human dignity over technological advancement. What you should know: The Pontifical Academy of Social Sciences, the Vatican's research body for social issues, organized the "Digital Rerum Novarum" conference on October 16-17, combining academic research with practical AI applications. Participants included leading experts from MIT, Microsoft, Columbia University, the UN, and major European institutions. The conference...