AI tools sharpen cybercrime as quishing surges

Artificial intelligence is making cyber attackers faster and more effective while creating new security weaknesses through autonomous software tools, malware and increasingly sophisticated social-engineering campaigns.

ESET’s Threat Report for the first half of 2026 found that criminals are using AI less as a substitute for technical expertise than as a force multiplier. The technology is helping attackers prepare convincing lures, automate repetitive work, adapt malicious code and expand campaigns at a speed that would otherwise require larger teams.

The report, covering threat activity from December 2025 through May 2026, also recorded the highest level of QR-code phishing in the company’s telemetry. The technique, known as quishing, hides malicious links inside QR codes that victims scan with mobile phones, often moving the attack beyond the reach of email security systems designed to inspect ordinary web addresses.

ADVERTISEMENT

Quishing campaigns exploit the routine use of QR codes for payments, menus, deliveries, authentication and workplace services. Attackers commonly place them inside emails or documents presented as account-verification notices, invoices, security alerts or human-resources messages. Victims are then directed to fraudulent login pages built to capture credentials or payment information.

The shift to mobile devices adds another layer of risk. A user scanning a code may see only a shortened or partially displayed address, while smaller screens make it harder to identify imitation websites. Mobile browsers may also lack the security controls applied to managed desktop systems.

AI-agent ecosystems emerged as another major concern. ESET examined about 900,000 “skills”, small software components that allow AI agents to browse websites, handle files, run commands and interact with external services. Around 25,000 were classified as suspicious and more than 3,000 as malicious.

Some of the harmful components incorporated established offensive tools, including Mimikatz and Impacket, which can be used for credential theft, network discovery and movement between compromised systems. Others could modify themselves, establish persistence or extract sensitive information. The findings underline the growing supply-chain risk around repositories from which users and developers download agent capabilities.

The number of unique skills examined rose from roughly 60,000 in March to almost 900,000 by May, reflecting the rapid expansion of agent-based AI. Security controls have struggled to keep pace with marketplaces where software components may be published, copied and installed with limited scrutiny.

Researchers also identified PromptSpy, described as the first known Android malware to use generative AI during its execution. Its emergence marks a move from criminals merely using AI to design attacks towards embedding the technology directly inside malicious software.

Such integration could allow malware to modify instructions, tailor behaviour to a device or generate commands dynamically. The practical capabilities remain constrained by access, cost and reliability, but the development shows how generative models can become operational elements within attack chains.

ClickFix, a social-engineering method that tricks users into executing malicious commands, also continued to spread. Detections doubled during the reporting period as attackers expanded beyond fake error notices into AI-themed support pages, browser environments, cloud-authentication workflows and workplace tools.

A typical ClickFix attack tells users that a document, browser feature or security check has failed. It then provides instructions that appear to resolve the problem but instead cause the victim to copy and run a command that downloads malware. The method is effective because the user performs the decisive action, allowing criminals to bypass some automated defences.

Ransomware activity remained elevated, supported by tools designed to disable endpoint detection and response systems before encryption or data theft begins. More than 100 so-called EDR killers are being tracked in active use. These tools attempt to stop, freeze or blind protective software so the main malicious payload can operate undetected.

The threat landscape still relies heavily on familiar weaknesses, including stolen passwords, unpatched systems, fraudulent messages and poorly governed third-party software. AI is increasing the efficiency and scale of those methods rather than replacing them with entirely new forms of intrusion.



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.


ADVERTISEMENT
Social Media Auto Publish Powered By : XYZScripts.com
Just in:
Xsolla and Management and Science University (MSU) Sign Memorandum of Understanding (MOU) to Connect Future Game Developers With Global Commercial Opportunities // Shein targets $3 billion Hong Kong market debut // Game Boy telescope adapter files released free // Farage faces comic challenger in Clacton poll // SBI Funds draws sovereign wealth funds to IPO // Paymentology and T2P partner to accelerate the future of card issuing in Thailand // Inflation In India Rising Sharply Since January 2026, Highest In June // A SIM Guide to Comparing Graduate Salaries and Employability in Singapore // DITP Launches THAI SELECT Festival 2026 in New York to Strengthen U.S. Market Opportunities for Thailand’s Food Industry // Armacell Deepens Asia‑Pacific Industry Engagement to Drive Energy Efficiency, Sustainability and Fire Safety // Trump scraps Hormuz levy but tightens Iran blockade // HKSTP Park Company Wins 2nd Runner-Up in Rocket Fuel East Startup Competition // Dubai diamond trade reaches record $41.7 billion // Central & Western District Youth-to-Career Explo Connects Hong Kong Youth to Future Careers in AI Era // Louis Vuitton Celebrates 130 Years of the Monogram // Copilot workflow bypass exposes critical safety gap // AI-Generated Deepfakes Are Eroding Social Trust // Dubai-Botswana pact opens new commodity trade corridor // First Energy Africa Oil Corp. Strengthens Board with Appointment of Industry Veterans Simon Akit and Frederick Kozak // Masdar secures $5.1 billion for round-the-clock solar //