ESET warns of AI abuse & quishing surge in attacks
Thu, 9th Jul 2026 (Yesterday)
ESET has published its H1 2026 Threat Report, warning that cyber criminals are abusing AI agent tools and QR-code phishing at growing scale.
The cybersecurity company analysed nearly 900,000 AI skills - small functional components used by AI agents - and found tens of thousands that were suspicious and thousands that were malicious. The data covered threat activity observed between December 2025 and May 2026.
According to the findings, malicious AI skills rose fivefold between March and May 2026. Threat actors used these skills to access systems, exfiltrate data, download and run malware, and override user instructions.
Researchers also found that AI is beginning to appear inside malware itself. ESET identified what it described as the first known Android malware to use generative AI in its execution flow, under the name PromptSpy.
Anton Mäčko, an ESET malware analyst, said the misuse of AI skills now spans several established forms of cyber attack.
"AI skills can enable a wide range of agentic AI abuses, from automated reconnaissance and red-team-style attacks to spam generation, malware modification, and distribution. Adversaries will likely keep testing these approaches to bypass controls, including by obfuscating intent or using region-specific, niche, or constructed languages.
"As agentic capabilities mature, they could power more advanced attack chains, from supply-chain compromise and typosquatting at scale to rapid adoption of sophisticated techniques emerging in the threat landscape. Combined with AI-enhanced phishing and spam, AI-driven malware generation or modification could make campaigns faster, cheaper, and harder to detect, making agentic AI abuse a key area for defenders to monitor," Mäčko said.
ClickFix growth
The report also highlighted a resurgence in ClickFix, a social engineering method that uses fake prompts and error messages to trick users into taking harmful actions. Detections of ClickFix attacks increased by 108%.
Researchers said the tactic has moved beyond fake CAPTCHA pages and now appears in spoofed AI help pages, browser extensions, and cloud authentication scenarios. In some cases, attackers used branding associated with Anthropic, OpenAI, and Microsoft Copilot to make the pages appear credible.
ESET described one strand of this activity as "AI-fix", in which attackers embed compromise chains in AI-generated troubleshooting content for problems that do not exist. Another variant, "ConsentFix", combines the user interaction style of ClickFix with abuse of OAuth authorisation flows to take over cloud accounts without directly stealing passwords.
This approach can bypass multifactor authentication because it relies on legitimate sign-in workflows and token theft rather than traditional credential theft. Detections of this vector more than doubled between the second half of 2025 and the first half of 2026.
Quishing records
QR-code phishing, often known as quishing, was the fastest-growing email attack vector in the period covered by the report. ESET said the first quarter saw a 146% quarterly increase in quishing activity.
About 11% of all detected phishing emails in H1 2026 used QR codes. The tactic shifts victims from desktop or laptop environments to mobile devices, where security checks may be weaker and users may be more inclined to trust a scanned code.
The highest shares of detections were recorded in the United States, Spain, and Mexico, accounting for 19%, 17%, and 6% respectively. Attackers use QR codes to hide malicious links from inspection tools and exploit trust in the square barcode format.
Ransomware pressure
Elsewhere, the report said ransomware activity continued to rise even as the proportion of victims willing to pay fell to historic lows. ESET cited industry research showing that only 14% to 28% of victims now pay.
Attackers also continue to use so-called EDR killers, tools intended to disable security software during an attack. ESET researchers have documented more than 100 different EDR killers in use, with new variants appearing regularly.
Jiří Kropáč, Director of Threat Prevention Labs at ESET, said attackers were adapting familiar methods to new technology and user habits.
"Rather than relying on entirely new methods and tools, attackers are quickly adapting established techniques to new platforms, technologies, and user behaviors. The number of AI skills within this new ecosystem is growing rapidly as we speak, further expanding the attack surface," Kropáč said.
He also pointed to the malware findings as an early sign of how AI could be folded into malicious software.
"On the other hand, PromptSpy illustrates the potential for increased flexibility in future threats, although guardrails against abuse included in LLMs are likely slowing adoption," Kropáč said.