SVG Phishing Malware Being Distributed with Analysis Obstruction Feature
Essential information
- Published: 01/04/2025 14:48
- Modified: 01/04/2025 17:28
- Tags: 2025-04-01 analysis obstruction base64 captcha microsoft impersonation phishing svg svg phishing malware vector graphics xml
- Related entities: 9 techniques (mitre), 1 malware
Description
A sophisticated phishing malware using Scalable Vector Graphics (SVG) format has been identified. The malware embeds malicious scripts within SVG files, using Base64 encoding to bypass detection. It employs various techniques to obstruct analysis, including blocking automation tools, preventing specific keyboard shortcuts, disabling right-clicks, and detecting debugging attempts. The malware redirects users to a fake CAPTCHA page, which, when interacted with, leads to further malicious actions, potentially a phishing site impersonating Microsoft login pages. This evolving threat highlights the need for increased user vigilance, especially when dealing with SVG files from unknown sources.
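A defender-side triage check for the traits described above, added here as an example and not taken from the original report: it flags active content in an SVG file and decodes Base64 runs to look for script hidden inside them. The function names, the marker list and the embedded sample are assumptions constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Assumed marker list (tune locally): strings worth flagging inside decoded Base64.
MARKERS = (b"<script", b"eval(", b"atob(", b"location", b"document.", b"debugger")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def local(name):
    """Strip the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def decoded_hits(text):
    """Decode Base64-looking runs and return the script markers found inside."""
    hits = set()
    for run in B64_RUN.findall(text or ""):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4))
        except ValueError:  # not valid Base64 after all
            continue
        hits.update(m.decode() for m in MARKERS if m in raw.lower())
    return hits

def scan_svg(data):
    """Return a sorted list of findings for one SVG document given as str."""
    if "<!DOCTYPE" in data or "<!ENTITY" in data:
        return ["doctype-or-entity"]  # refuse to parse entity-bearing input
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable"]
    findings = set()
    for el in root.iter():
        name = local(el.tag)
        if name in ("script", "foreignobject", "iframe"):
            findings.add("element:" + name)
        for attr, value in el.attrib.items():
            if local(attr).startswith("on"):  # onload, onclick, ...
                findings.add("handler:" + local(attr))
            if value.strip().lower().startswith(("javascript:", "data:text/html")):
                findings.add("uri:" + local(attr))
            findings.update("b64:" + h for h in decoded_hits(value))
        findings.update("b64:" + h for h in decoded_hits(el.text))
    return sorted(findings)

# Constructed, harmless sample: the encoded payload only sets the page title.
PAYLOAD = base64.b64encode(b"document.title = 'constructed sample';").decode()
SAMPLE = ('<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
          '<script>eval(atob("%s"))</script></svg>' % PAYLOAD)
CLEAN = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
```

Any finding on an SVG that arrived as an e-mail attachment or download is a reason to quarantine it for review, since image-only SVG files need none of these features.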