ESET’s Threat Report for the first half of 2026 found that criminals are using AI less as a substitute for technical expertise than as a force multiplier. The technology is helping attackers prepare convincing lures, automate repetitive work, adapt malicious code and expand campaigns at a speed that would otherwise require larger teams.
The report, covering threat activity from December 2025 through May 2026, also recorded the highest level of QR-code phishing in the company’s telemetry. The technique, known as quishing, hides malicious links inside QR codes that victims scan with mobile phones, often moving the attack beyond the reach of email security systems designed to inspect ordinary web addresses.
Quishing campaigns exploit the routine use of QR codes for payments, menus, deliveries, authentication and workplace services. Attackers commonly place them inside emails or documents presented as account-verification notices, invoices, security alerts or human-resources messages. Victims are then directed to fraudulent login pages built to capture credentials or payment information.
The shift to mobile devices adds another layer of risk. A user scanning a code may see only a shortened or partially displayed address, while smaller screens make it harder to identify imitation websites. Mobile browsers may also lack the security controls applied to managed desktop systems.
AI-agent ecosystems emerged as another major concern. ESET examined about 900,000 “skills”, small software components that allow AI agents to browse websites, handle files, run commands and interact with external services. Around 25,000 were classified as suspicious and more than 3,000 as malicious.
Some of the harmful components incorporated established offensive tools, including Mimikatz and Impacket, which can be used for credential theft, network discovery and movement between compromised systems. Others could modify themselves, establish persistence or extract sensitive information. The findings underline the growing supply-chain risk around repositories from which users and developers download agent capabilities.
The number of unique skills examined rose from roughly 60,000 in March to almost 900,000 by May, reflecting the rapid expansion of agent-based AI. Security controls have struggled to keep pace with marketplaces where software components may be published, copied and installed with limited scrutiny.
Researchers also identified PromptSpy, described as the first known Android malware to use generative AI during its execution. Its emergence marks a move from criminals merely using AI to design attacks towards embedding the technology directly inside malicious software.
Such integration could allow malware to modify instructions, tailor behaviour to a device or generate commands dynamically. The practical capabilities remain constrained by access, cost and reliability, but the development shows how generative models can become operational elements within attack chains.
ClickFix, a social-engineering method that tricks users into executing malicious commands, also continued to spread. Detections doubled during the reporting period as attackers expanded beyond fake error notices into AI-themed support pages, browser environments, cloud-authentication workflows and workplace tools.
A typical ClickFix attack tells users that a document, browser feature or security check has failed. It then provides instructions that appear to resolve the problem but instead cause the victim to copy and run a command that downloads malware. The method is effective because the user performs the decisive action, allowing criminals to bypass some automated defences.
Ransomware activity remained elevated, supported by tools designed to disable endpoint detection and response systems before encryption or data theft begins. More than 100 so-called EDR killers are being tracked in active use. These tools attempt to stop, freeze or blind protective software so the main malicious payload can operate undetected.
The threat landscape still relies heavily on familiar weaknesses, including stolen passwords, unpatched systems, fraudulent messages and poorly governed third-party software. AI is increasing the efficiency and scale of those methods rather than replacing them with entirely new forms of intrusion.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.