AI威胁态势报告+AI+Threat+Landscape+Report_第1页
AI威胁态势报告+AI+Threat+Landscape+Report_第2页
AI威胁态势报告+AI+Threat+Landscape+Report_第3页
AI威胁态势报告+AI+Threat+Landscape+Report_第4页
AI威胁态势报告+AI+Threat+Landscape+Report_第5页
已阅读5页,还剩90页未读 继续免费阅读

下载本文档

版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领

文档简介

TABLEOF

CONTENTS.

·AITHREATLANDSCAPEREPORT2026

ExecutiveSummary

3

AIPhishing&SocialEngineering

5

HowthreatactorsareusingAIinPhishing&socialengineeringattacks

7

AIPhishingIsOutpacingDefenderCapacity

8

NotableAttackCases

10

AI-assistedMalwareAttacks

11

NotableMalwareCases

12

ThreatActorsOperationalizingAIAcrossCampaignWorkflows

15

NotableThreatActorsUsingAIinCampaigns

18

TheuseofAIbyFinancially&IdeologicallyMotivatedThreatActors

23

SupplyChainAttacks:PoisoningtheEcosystemfromtheInside

28

MaliciousAIModelsandPackagesinOpenEcosystems

29

TeamPCPSupplyChainCompromise

30

MaliciousSkillsinAIAgentMarketplaces

30

AICodingAgentDependencyPoisoning

31

AI-SpecificVulnerabilities

32

PromptInjection

33

JailbreakingandGuardrailBypass

33

DataPoisoningandTrainingDataAttacks

33

MemoryandContextManipulation

34

AgenticAIExploitation

34

RAGandVectorStorePoisoning

34

APIandAccessControlAbuse

34

AdversarialInputs

35

AIImpersonationAttacks:MalwareandPhishingCam-paignsAbusingAIBrandTrust

36

NotableIncidents

37

DarkAIMarketplace:UndergroundLLMServicesSoldtoCy-bercriminals

40

ClosingThoughts

44

References

45

2

©2026CybleInc.Allrightsreserved.

AITHREATLANDSCAPEREPORT2026

©2026CybleInc.Allrightsreserved.3

EXECUTIVESUMMARY

Thecyberthreatlandscapehasenteredanewphase,onedefinednotby

thesophisticationofindividualattackersbutbytheindustrializationofattack

operations.AIhasmovedfromanexperimentalcapabilityintooperational

infrastructure,anditsimpactisnowvisibleacrosseverymajorcategoryof

cyberthreat.

Threatactorsarenotreinventingtheirplaybooks;theyarecompressingthemosttime-consumingparts.Reconnaissancethatoncetookdays,phishingcontentthatoncerequirednative-languagespeakers,malwarethatoncedemandedskilleddevelopers,andsocialengineeringthatoncedependedondirecthumaninteractionareallbeingacceleratedbyAItoolsthatarewidelyaccessible,inexpensive,andincreasinglyindistinguishablefromlegitimateuse.

Acrossalldisruptedoperations,noevidencehasbeenfoundthatAIprovidesthreatactorswithnovelcapabilitiestheycouldnototherwiseobtain,buttheaccelerationitselfhassignificantconsequencesfordefenders.

Thisreportexamineshowthatshiftisplayingoutacrosseightinterconnectedthreatareas.AIisbeingweaponizedacrosstheentireattacklifecycle,fromAI-generatedphishinganddeepfakesocialengineeringtoLLM-assistedmalwaredevelopment,runtimecodegeneration,andself-rewritingevasiontechniques.

Nineteenconfirmedthreatactorgroups,spanningRussian,Chinese,Iranian,

NorthKorean,andfinanciallymotivatedcriminaloperators,havebeen

observedintegratingAIintotheircampaigns,usingitforreconnaissance,lure

generation,vulnerabilityresearch,malwaredevelopment,andtrusted-service

abuse.

Atthesametime,theAIsupplychainhasbecomeanactiveattacksurface,

withthreatactorspoisoningmodelrepositories,compromisingCI/CDpipelines,

manipulatingagentskillmarketplaces,andengineeringmaliciouspackages

specificallydesignedtodeceiveAIcodingassistantsratherthanhuman

developers.

AITHREATLANDSCAPEREPORT2026

©2026CybleInc.Allrightsreserved.4

AIsystemsthemselvesarenowprimarytargets.Thevulnerabilitiesbeingexploited,promptinjection,jailbreaking,datapoisoning,memorymanipulation,agenticexploitation,RAGpoisoning,andAPIabuse,donotrequireexploitingtraditionalsoftwareflaws.

Theyrequireunderstandinghowamodelprocessesinstructions,retrievesinformation,storescontext,andinteractswithconnectedtools.Inparallel,threatactorsareexploitingthetrustusersplaceinAIbrands,impersonatingChatGPT,Claude,DeepSeek,andGeminithroughfakeinstallersites,maliciousbrowserextensions,andsharedconversationlinkshostedontrustedAIplatformdomains.

UnderpinningallofthisisastructuredundergroundAImarketplacewhere

purpose-builtmaliciousmodels,jailbrokencommercialwrappers,andspecialist

attack-as-a-serviceplatformsaresoldthroughdarkwebforums,Telegram

channels,andprivatenetworks,usingsubscriptionmodels,lifetimelicenses,

andone-timeflatfeesthatmakeAI-assistedattackcapabilityaccessibleto

anyoperatorregardlessoftechnicalskill.

WhatstartedasahandfulofexperimentaltoolshasmaturedintoacriminalecosystemthatmirrorsthecommercialmechanicsoflegitimateSaaS,withversionedproductupdates,tieredpricing,anddedicatedsupportcommunities.

Theconvergenceofthesetrendsdefinesthecurrentthreatenvironment.AIisnotsimplyaddingnewtoolstoattackerplaybooks;itisconnectingandacceleratingtheentireoperation.

Organizationsthathavenotyetupdatedtheirsecuritystrategiestoaccount

forAI-enabledthreatsfacealandscapewherethequalityfloorofattackshas

risensharply.Thetechnicalbarriertoentryhasdroppedsignificantly,andthe

defenders’traditionaldetectionsignals,suchaspoorgrammar,knownmalware

signatures,andrecognizableattackinfrastructure,arebecomingunreliable.

Aneffectiveresponserequiresafundamentalrethinkofhowsecurityteams

detectthreats,validateidentities,governAI-integratedworkflows,andbuild

resilienceagainstattackchainsthatcombinemultipleAI-enabledtechniques

inasingleoperation.

AITHREATLANDSCAPEREPORT2026

AIPHISHING&SOCIALENGINEERING

©2026CybleInc.Allrightsreserved.5

·AITHREATLANDSCAPEREPORT2026

Phishinghaslongbeenthemostcommonandcostlyentrypointforcyberattacks.AIhasnotchanged

thatreality;ithasmadeitsignificantlyworse.WhatAIintroducesisnotanewtypeofattackbutadramatic

improvementinthequality,speed,andscaleatwhichexistingattackscanbeexecuted.

Defendersthatoncereliedonspottingpoorgrammar,awkwardphrasing,orgenerictemplatesnowfacecampaignsthatarepolished,contextuallyaware,andpersonalizedatscale.

ThescaleofAI’simpactonphishingisnolongerspeculative.Datafromacrosstheindustrypaintsaconsistentpictureofacceleration:

AIPHISHINGBYTHENUMBERS

KeyindicatorsshowingtherapidgrowthandeffectivenessofAI-drivenphishing

nl

1,265%

spike

Phishingattackshave

increasedby1,265%since

ChatGPT'slaunchinlate

2022,markingoneofthe

sharpestescalationsin

thehistoryofthe

82.6%

14xsurge

InDecember2025,

AI-generatedphishing

attackssurged14x,with

theirshareofallreported

attacksrisingfrom4%to

56%overtheholiday

season-atrendthat

continuedinto2026.

24-54%

moreeffective

82.6%ofphishingemails

nowcontain

AI-generatedelements,

showinghowdeeply

automatedtoolinghas

becomeembeddedin

attackworkflows.

AIphishingisnow24-54%

moreeffectivethan

traditionalhuman-crafted

methods,withAI-generated

emailsachievinga54%

click-throughrate

comparedto12%for

manual

AIisreshapingphishingatscale-faster,moreconvincing,andfarmoreeffective.

•InDecember2025,AI-generatedphishingattackssurged14x,withtheirshareofallreportedattacksjumpingfrom4%to56%overtheholidayseason,atrendthatheldinto2026.

•AIphishingisnow24–54%moreeffectivethantraditionalhuman-craftedmethods,withAI-generatedemailsachievinga54%click-throughratecomparedtojust12%formanualattempts.

•82.6%ofphishingemailsnowcontainAI-

generatedelements,reflectinghowdeeply

automatedtoolinghasembeddeditselfinto

attackworkflows.

•Phishingattackshavespiked1,265%sinceChatGPT’slaunchinlate2022,markingoneofthesharpestescalationsinthehistoryofthethreat.

©2026CybleInc.Allrightsreserved.6

©2026CybleInc.Allrightsreserved.7

AITHREATLANDSCAPEREPORT2026

HowTHREATAcToRsAREUslNBAllNPHlsHlNB&SoclALENBlNEERlNBATTAcks

AIisenhancingphishing,socialengineering,andattackpreparation

<>

3.AI-generatedphishingkits

InNovember2025,a

phishingkittrackedas

COINBAITwasidentified,

withdevelopmentlikely

acceleratedbyAI

code-generationtools.

Itimpersonatedamajor

cryptocurrency

exchangeanduseda

polishedReact

singleapplication

builtwithLovableAIto

harvestcredentials.

4.Deepfake-enabledsocialengineering

Threatactorsare

cloningexecutive

voicesandvideo

footagetosupport

fraudandtargeted

intrusions.Inone

February2024case,

deepfake

impersonation

contributedtoa$25.6

millionfraud,showing

howfakevideocalls

andAI-generated

personasarebecoming

operationaltools.

2.Luregenerationandpersonalization

LLMshelpgenerate

hyper-personalized,

culturallynuancedlures

thatmirrorthetoneofa

targetorganizationor

locallanguage.This

reducesthe

grammaticaland

contextualerrors

defendershave

historicallyreliedonto

spotphishingattempts.

1.Reconnaissance

andtargetdevelopment

ThreatactorsuseLLMsto

rapidlysynthesize

open-sourceintelligence,

profilehigh-valuetargets,

identifykey

decision-makers,andmap

organizationalhierarchies.

Thisresearchhelps

attackersbuildphishing

luresusingjobtitles,project

names,reporting

relationships,andrealistic

communicationstyles,

compressingdaysof

manualworkintohours.

Reconnaissanceandtargetdevelopment

AIistransformingthepreparationphasethat

makesphishingattackscredibleinthefirst

place.State-sponsoredactorsareusingLLMs

torapidlysynthesizeopen-sourceintelligence,

profilehigh-valuetargets,identifykeydecision-

makerswithindefensesectors,andmap

organizationalhierarchies.

Theoutputofthatresearchfeedsdirectlyintophishinglures,personalizedwithjobtitles,internalprojectnames,reportingrelationships,andcommunicationstylesthatmakemessagesappeartocomefromaknownandtrustedsourceratherthananunknownattacker.

Whatoncetookateamdaysofmanualresearchcannowbecompletedbyasingleoperatorinhours,beforeasinglephishingemailissent.

Luregenerationandpersonalization

LLMsallowthreatactorstogeneratehyper-personalized,culturallynuancedluresthatmirrortheprofessionaltoneofatargetorganizationorlocallanguage,largelyerasingthegrammatical

andcontextualtellsthatdefendershavehistoricallyreliedontoidentifyphishingattempts.

AI-generatedphishingkits

InNovember2025,aphishingkit,trackedasCOINBAIT,wasidentified,withitsconstructionlikelyacceleratedbyAIcode-generationtools.Thekitmasqueradedasamajorcryptocurrencyexchangetoharvestcredentials.ItwasbuiltusingtheAI-poweredplatformLovableAI,wrappingtheoperationinafullReactsingleapplicationwithcomplexstatemanagement,alevelofsophisticationindicativeofcodegeneratedfromhigh-levelprompts.

Deepfake-enabledsocialengineering

Threatactorshaveclonedvideofootageandvoicerecordingsofexecutivestoconvinceemployeestotransfersubstantialfunds,withoneincidentinFebruary2024resultingina$25.6millionfraud.Deepfakeuseisnowmovingbeyondisolatedincidentstoactivecampaigninfrastructure,withthreatactorsdeployingfakevideocallsandAI-generatedpersonasasstandardcomponentsoftargetedintrusions.

©2026CybleInc.Allrightsreserved.8

AITHREATLANDSCAPEREPORT2026

AIPhishingIsOutpacingDefenderCapacity

Beyondenablingfastercampaignexecution,AI-poweredphishingiscreatingasecondarycrisisinsideSecurityOperationsCenters,onethatcompoundsthethreatbydegradingtheveryteamsresponsibleforcatchingit.

•AI-generatedluresnowarriveinhighvolumeswithenoughvariationtoappearunique,eliminatingtheabilitytoidentifyanddismisssimilaralertsinbulkandforcingindividualreviewofeverycase.

•Polishedimpersonationandcontextualpersonalizationhaveremovedthequickvisualjudgmentsanalystsoncereliedon,makingeachalertmoretime-consumingtoinvestigatethanbefore.

•Short-livedinfrastructureandfreshlyregistereddomainsreturninconclusiveresults

fromreputation-basedtools,pushingmoreoftheanalyticalburdenontohumanreviewers.

•Asthevolumeofuncertaincasesgrows,experiencedanalystsarepulledawayfromcomplex,high-riskthreatstorevisitalertsthatwereneverfullyresolved.

•High-riskincidents,credentialtheft,malwaredelivery,andtargetedintrusionsincreasinglygetburiedinthenoise,wideningthewindowbetweeninitialaccessanddetection.

•Theasymmetryisstructural:AIreducesthecostandeffortoflaunchingattackswhilesimultaneouslyraisingthecostandeffortofdefendingagainstthem,agapthatwidenswitheveryimprovementinattackertooling.

High-VolumeVariation

AI-generatedluresnowarriveinhighvolumeswith

enoughvariationtoappearunique,preventing

analystsfromidentifyinganddismissingsimilaralertsinbulkandforcingindividualreviewofeverycase.

SlowerTriage

Polishedimpersonationandcontextualpersonalizationhaveremovedthequickvisualjudgmentsanalystsoncereliedon,makingeachalertmoretime-consumingto

investigatethanbefore.

WeakReputationSignals

Short-livedinfrastructureandfreshlyregistereddomainsreturninconclusiveresultsfrom

reputation-basedtools,pushingmoreoftheanalyticalburdenontohumanreviewers.

AnalystOverload

Asthevolumeofuncertaincasesgrows,experiencedanalystsarepulledawayfromcomplex,high-risk

threatstorevisitalertsthatwereneverfullyresolved.

High-RiskIncidentsBuried

Credentialtheft,malwaredelivery,andtargeted

intrusionsincreasinglygetburiedinthenoise,wideningthewindowbetweeninitialaccessanddetection.

StructuralAsymmetry

AIreducesthecostandeffortoflaunchingattackswhilesimultaneouslyraisingthecostandeffortofdefendingagainstthem,agapthat

widenswitheveryimprovementinattackertooling.

Al-powEREDpHlsHlNBlscREATlNBAsEcoNDARycRlslslNslDESEcuRlTyOpERATloNsCENTERs

BylNcREAslNBANALysTwoRkLoADANDsLowlNBDETEcTloN.

©2026CybleInc.Allrightsreserved.9

NOTABLEATTACKCASES

ExamplesofhowthreatactorsareusingAIinphishingandsocialengineeringcampaigns

UNC1069—CryptocurrencySectorTargeting

ANorthKoreanthreatactorcompromisedaTelegramaccountbelongingtoacryptocurrencyexecutive,builtrapportwiththevictim,andsentaCalendlylinktoaspoofedZoommeeting.Duringthecall,thevictimsawwhatappearedtobeadeepfakeCEOandwasguidedthroughaClickFixattackthatlaunchedamulti-stageinfectionchain,ultimatelydeployingsevenmalwarefamiliestostealcredentials,browserdata,sessiontokens,andcryptocurrencywalletinformation.

APT42—IranianState-SponsoredPhishingAugmentation

APT42usedgenerativeAImodels,includingGemini,toenhancereconnaissanceandtargetedsocialengineering.ThegroupusedAItosearchforofficialemailaddresses,researchpotentialbusinesspartners,andcreatepersonastailoredtoeachtarget’sbiographytoimproveengagement.

FAMOUSCHOLLIMA—FakeLinkedinProfilesandJobInterviews

TheDPRK-associatedgroupFAMOUSCHOLLIMAusedGenAItocreaterealisticLinkedinprofileswithbelievablebackgroundsandAI-generatedprofileimagestodeceiverecruiters,andpotentiallyusedAItogenerateplausibleresponsesduringjobinterviewsaspartofeffortstoinfiltrateprivatecorporations.

ClickFixcampaignviaAIPlatforms

InDecember2025,threatactorsabusedthepublicsharingfeaturesofgenerativeAIservicessuchasChatGPT,Copilot,DeepSeek,Gemini,andGroktohostdecep-tivesocialengineeringcontent.AttackersmanipulatedAItoolsintogeneratingseeminglylegitimatetroubleshootinginstructionscontainingmaliciouscommands,thenpromotedtrusted-domainsharelinksthroughmaliciousadvertisingtodistributeinformation-stealingmalwaretargetingWindowsandmacOS.

theGOVERSHELLbackdoor.OpenAIlaterconfirmedthatthegroupusedChatGPTtohelpcraftphishingemailsandassistinmalwaredevelopment.Asthecampaignmatured,theactorshiftedtorapport-buildingphishingthroughmulti-emailconversationsbeforedeliveringamaliciouslink.

AI-AssistedBiometricPhishing-BrowserPermissionAbuseActivesinceearly2026,thiscampaignusedluressuchas“IDScanner,”“TelegramIDFreezing,”and“HealthFundAI”totrickvictimsintograntingbrowsercameraandmicrophoneaccess.Onceapproved,maliciousscriptscapturedliveimages,video,audio,devicedetails,contactinformation,andapproximatelocation,thenexfiltratedthedatatoattacker-controlledTelegrambots.Emoji-basedformattingandstructuredannotationsinthecodesuggestgenerativeAImayhavebeenusedtoacceleratescriptdevelopment.

InboxPrimeAI-Phishing-as-a-ServiceKit

FirstobservedinOctober2025,InboxPrimeAIisaphishingkitbuiltforundergroundcybercrimenetworks.ItsAI-poweredemailgeneratorcreatesphishingemailsfromsimpleinputssuchastopic,tone,language,andindustry.Itusesspintaxtovarymessages,includesabuilt-inspamcheckertoreducedetection,andauto-matessenderidentityrotationacrosscompromisedGmailaccountstoimitatelegitimateusers,vendors,orexecutives.

Keytakeaway:AIisbeingusedtoimprovetargeting,scaledeception,andincreasethecredibilityofsocialengineeringoperations.

UTA0388—China-AIignedSpearPhishingwithLLMAssistance

ica,Asia,andEuropewithphishingemailsimpersonatingseniorresearchersfromfabricatedinstitutions.The

UTA0388targetedorganizationsacrossNorthAmer-campaigndeliveredamaliciousarchivecontaining

1

2

3

4

5

6

7

UNC1069:Targetingthecryptocurrencysector

NorthKoreanthreatactorUNC1069compromisedaTelegramaccountbelongingtoacryptocurrencyexecutive.ItusedittobuildrapportwithavictimbeforesendingaCalendlylinktoaspoofedZoommeetinghostedonattacker-controlledinfrastructure.Duringthecall,thevictimwaspresentedwithwhatappearedtobeadeepfakevideoofaCEOfromanothercryptocurrencycompany.

ThethreatactorthenexecutedaClickFixattack,directingthevictimtoruntroubleshootingcommandsthatinitiatedamulti-stageinfectionchain,ultimatelydeployingsevendistinctmalwarefamiliesdesignedtoharvestcredentials,browserdata,sessiontokens,andcryptocurrencywalletinformation.

APT42:Iranianstate-sponsoredphishingaugmentation

TheIraniangovernment-backedgroupAPT42

leveragedgenerativeAImodels,including

Gemini,tosignificantlyaugmentreconnaissance

andtargetedsocialengineering,usingAIto

searchforofficialemailaddressesofspecific

entities,researchpotentialbusinesspartnersto

establishcrediblepretexts,andcraftpersonas

tailoredtoeachtarget’sbiographytomaximize

engagement.

FAMOUSCHOLLIMA:FakeLinkedInprofilesandjobinterviews

DPRK-associatedgroupFAMOUSCHOLLIMA

usedGenAItocreaterealisticLinkedInprofiles

completewithbelievablebackgroundsandAI-

generatedprofileimagestodeceiverecruiters,

andpotentiallyleveragedAItogenerateplausible

responsesduringjobinterviewsaspartofa

campaigntoinfiltrateprivatecorporations.

©2026CybleInc.Allrightsreserved.10

·AITHREATLANDSCAPEREPORT2026·········

ClickFixcampaignsviaAIplatformsInboxPrimeAI:Phishing-as-a-servicekit

InDecember2025,threatactorsbeganabusingtheFirstobservedinOctober2025,InboxPrimeAI

public-sharingfeaturesofgenerativeAIservices,isapurpose-builtphishingkitrapidlygaining

includingChatGPT,Copilot,DeepSeek,Gemini,adoptionacrossundergroundcybercrime

andGrok,tohostdeceptivesocialengineeringnetworks.AtitscoreisanAI-poweredemail

content.BymanipulatingAItoolsintogeneratinggeneratorthatproducesfullycomposedphishing

seeminglylegitimatetroubleshootinginstructionsemailsfromahandfulofdropdowninputs,topic,

withembeddedmaliciouscommands,attackerstone,language,andindustry,eliminatingthe

createdshareablelinkshostedontrustedAIneedforanycopywritingskill.

platformdomains,whichwerethenpromoted

throughmaliciousadvertisingtodistributeTheAIenginealsoappliesspintaxvariations,so

WindowsandmacOSsystems.activelyevadingsignature-basedfilters.Abuilt-

information-stealingmalwaretargetingbothnotworecipientsreceiveidenticalmessages,

inspamcheckerthenanalyzeseachgeneratedUTA0388:China-alignedspearphishingwithemailandsuggestscorrectionstoremove

LLMassistancedetectiontriggersbeforesending.Ontopof

this,thekitautomatessenderidentityrotation

UTA0388isaChina-alignedthreatactortargetingacrosscompromisedGmailaccounts,mimicking

organizationsacrossNorthAmerica,Asia,andtheidentitiesoflegitimateusers,vendors,or

.

fromfabricatedinstitutions,sociallyengineering

Europe.Emailsimpersonatedseniorresearchersexecutiveswithhighfidelity

targetsintoclickinglinksthatledtoamaliciousTheconvergenceofAI-generatedlures,deepfake

archivecontainingtheGOVERSHELL

backdoor.social

engineering,andAI-builtphishing

OpenAIlaterconfirmedthatUTA0388leveragedinfrastructurecreatesanenvironmentwhere

ChatGPTtocraftphishingemailsandassistintraditionaldetectionsignalsarenolonger

malwaredevelopment.reliable.Campaignsthatoncerequireddaysof

preparationandleftvisibletracesoferrorcan

.

Asthecampaignmatured,thegroupshiftedtonowbeproducedinhoursbyasingleoperator

rapport-buildingphishing,establishingbenign

Recommendations

•Enforcehardware-basedMFA(FIDO2/passkeys)onallcriticalsystems;stolencredentialsalonebecomeuselesswithoutthephysicalkey

•Nevertrustvoiceorvideocallsasidentityverification;alwaysconfirmhigh-stakesrequestslikefundtransfersthroughaseparate,pre-establishedcontactmethod

•Retrainstafftounderstandthatpolishedwriting,familiarfaces,andtrustedplatforms(Zoom,Calendly,AItools)arenolongerreliablesignalsoflegitimacy

•EnforceDMARC,DKIM,andSPFonalldomains,andreplacesignature-basedemailfilterswithbehavioralAI-drivendetectionthatdoesn’trelyonspottingerrors

•Requiredualauthorizationandout-of-bandconfirmationforanyfinancialoraccess-changerequest,regardlessofhowlegitimatethesourceappears

•Auditandminimizeyourorganization’spublicfootprintonLinkedInandcompanywebsites;AIreconnaissancetoolsharvestthisdatatocraftpersonalized,convincinglures

multi-emailconversationswithtargetsbefore

introducingamaliciouslink.Signsofunsupervised

LLMusagewereevidentthroughout:emails

simultaneouslyusedthreedifferentidentities

acrossthefriendlyname,senderaddress,and

signatureblock;fabricatedphonenumbers

followedsequentialpatterns;andsometargets

receivedemailsentirelyinthewronglanguage.

AI-assistedbiometricphishing:Browser

permissionabuse

Activesinceearly2026,awidespreadsocial

engineeringcampaignluredvictimsthrough

themessuchas“IDScanner,”“TelegramID

Freezing,”and“HealthFundAI”,trickingusersinto

grantingbrowser-levelcameraandmicrophone

accessundertheguiseofidentityverificationor

accountrecovery.

Oncepermissionsweregranted,malicious

scriptssilentlycollectedliveimages,video

recordings,audio,devicespecifications,contact

details,andapproximatelocation,exfiltrating

everythingtoattacker-controlledTelegrambots.

Analysisofthecampaign’scoderevealedemoji-

basedformattingandstructuredannotations

embeddedwithintheoperationallogic,patterns

increasinglyassociatedwithgenerativeAIbeing

usedtoacceleratemaliciousscriptdevelopment.

©2026CybleInc.Allrightsreserved.11

AITHREATLANDSCAPEREPORT2026

AI-assistedMalwareAttacks

Malwareoperationsaremovingintoamoreadaptiveph

温馨提示

  • 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
  • 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
  • 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
  • 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
  • 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
  • 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
  • 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

最新文档

评论

0/150

提交评论