• Technology

    Watch out – hackers are using AI to make phishing emails even more convincing

    AnyFans Posted on

    By Sead Fadilpašić

    Copyright techradar

    Watch out - hackers are using AI to make phishing emails even more convincing

    Skip to main content

    Tech Radar Pro

    Tech Radar Gaming

    Close main menu

    the business technology experts

    België (Nederlands)

    Deutschland

    North America

    US (English)

    Australasia

    New Zealand

    View Profile

    Search TechRadar

    Expert Insights

    Website builders

    Web hosting

    Best web hosting
    Best office chairs
    Best website builder
    Best antivirus
    Expert Insights

    Don’t miss these

    AI-powered phishing attacks are on the rise and getting smarter – here’s how to stay safe

    Hook, line and sinker: how to detect and protect your business from phishing attacks

    AI chatbot users beware – hackers are now hiding malware in the images served up by LLMs

    Experts warn this top GenAI tool is being used to build phishing websites

    Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

    ChatGPT and other AI tools could be putting users at risk by getting company web addresses wrong

    Cyber Crime
    5 worrying ways AI is being used by cybercriminals to target millions of victims

    Top AI website builder Lovable hit in worrying cyberattack – here’s what we know

    Hackers are sneaking malware into SVG images to bypass antivirus – here’s what we know

    Thousands of organizations have a new, unexpected ’employee’ onboard – and it could be their single biggest security risk

    Can you spot an AI-generated scam?

    Malicious URLs and phishing scams remain a constant threat for businesses – here’s what can be done

    AI tools are making social engineering attacks even more convincing, and I fear that this is only the beginning

    Weaponized AI is making hackers faster, more aggressive, and more successful

    Phishing emails are getting smarter – and using some new tricks to snare victims

    Watch out – hackers are using AI to make phishing emails even more convincing

    Sead Fadilpašić

    26 September 2025

    No, you’re not looking at a blank PDF file

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

    OpenVPN-protokollet – därför är det så bra
    (Image credit: Shutterstock)

    Hackers use AI tools to hide phishing code in SVG files disguised as business charts
    Malicious SVGs encoded payloads using business terms, decoded by hidden scripts to steal data
    Microsoft attributes the complex obfuscation to AI-generated code, not typical human-written malware

    We’ve all heard of Gen AI being used to craft bodies of convincing phishing emails, however Microsoft researchers have now discovered a campaign in which threat actors took AI use in phishing a step further – to better hide malicious code in plain sight.

    In a report shared with TechRadar Pro, Microsoft said it observed a new phishing campaign originating from a compromised email account belonging to a small business. The technique was nothing extraordinary – the attackers sent the message back to the compromised account, and targeted victims through the BCC field – a standard tactic to avoid being spotted.
    The email itself shared a malicious file whose goal was to harvest people’s login credentials. It was an SVG file disguised as a PDF. Nothing unusual here, as well. SVG files are scalable vector graphics used for web images. Since they support embedded scripts, they’re exploitable for phishing, as attackers can hide malicious JavaScript inside, bypassing filters and tricking users into clicking harmful links.

    You may like

    AI-powered phishing attacks are on the rise and getting smarter – here’s how to stay safe

    Hook, line and sinker: how to detect and protect your business from phishing attacks

    AI chatbot users beware – hackers are now hiding malware in the images served up by LLMs

    But then things get interesting.

    Unique method of obfuscation
    After analyzing the SVG code, Microsoft found that its method of obfuscation and behavior is rather unique.
    “Instead of using cryptographic obfuscation, which is commonly used to obfuscate phishing content, the SVG code in this campaign used business-related language to disguise its malicious activity,” the report reads.
    As it turns out, the attackers hid malware inside SVG files by making them look like normal business charts.

    Are you a pro? Subscribe to our newsletter
    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
    Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
    The charts were invisible, so anyone opening the file would just see blank graphics.
    They also encoded the malicious code as a string of business words like “revenue” and “shares,” and a hidden script would then read those words, decode them, and turn them into actions like redirecting the browser to a phishing site, tracking the user, and collecting browser info.
    Essentially, the file looked harmless, but it secretly ran a program that stole data and tracked activity.
    This must have been the work of an AI, Microsoft added: “Microsoft Security Copilot assessed that the code was ‘not something a human would typically write from scratch due to its complexity, verbosity, and lack of practical utility.’”
    You might also like

    AI is making phishing emails dangerously convincing with better spelling, grammar and formatting
    Take a look at our guide to the best authenticator app
    We’ve rounded up the best password managers

    Sead Fadilpašić

    Social Links Navigation

    Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

    You must confirm your public display name before commenting

    Please logout and then login again, you will then be prompted to enter your display name.

    AI-powered phishing attacks are on the rise and getting smarter – here’s how to stay safe

    Hook, line and sinker: how to detect and protect your business from phishing attacks

    AI chatbot users beware – hackers are now hiding malware in the images served up by LLMs

    Experts warn this top GenAI tool is being used to build phishing websites

    Hackers are looking to steal Microsoft logins using some devious new tricks – here’s how to stay safe

    ChatGPT and other AI tools could be putting users at risk by getting company web addresses wrong

    Latest in Security

    Nearly 150,000 patient records exposed in major healthcare data breach – here’s what we know

    Microsoft flags dangerous XCSSET macOS malware targeting developers – so be on your guard

    US Government tells agencies to patch Cisco firewalls immediately, or face attack

    “AI security is identity security” – how Okta is weaving agents into the security fabric

    UK government says a new AI tool helped it recover almost £500 million in fraud losses – and now it’s going global

    Jaguar Land Rover facing costs of “millions per week” following cyberattack – due to a lack of insurance cover

    Latest in News

    Quordle hints and answers for Saturday, September 27 (game #1342)

    NYT Strands hints and answers for Saturday, September 27 (game #573)

    The UK wants mandatory digital ID – but over one million Brits are demanding to scrap the plan over privacy concerns

    NYT Connections hints and answers for Saturday, September 27 (game #839)

    How to watch Ballerina online from anywhere

    Facebook and Instagram will soon let UK users pay to avoid ads, but this is one subscription I won’t be signing up for

    LATEST ARTICLES

    Walmart has an RTX 5070 gaming PC on sale for $1,099 right now – yep, really

    The UK wants mandatory digital ID – but over one million Brits are demanding to scrap the plan over privacy concerns

    Microsoft flags dangerous XCSSET macOS malware targeting developers – so be on your guard

    Facebook and Instagram will soon let UK users pay to avoid ads, but this is one subscription I won’t be signing up for

    I used The Sims 4 Adventure Awaits to re-create Love Island, and this expansion is 100% my type

    TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

    Contact Future’s experts

    Terms and conditions

    Privacy policy

    Cookies policy

    Advertise with us

    Web notifications

    Accessibility Statement

    Future US, Inc. Full 7th Floor, 130 West 42nd Street,

    Please login or signup to comment

    Please wait…

    You Might Also Like