The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The Co-op fights attempted hack as M&S cyber attack rages on
April 30, 2025
The Co-op has been forced to shut off parts of its IT systems after it was confronted with an attempted hack. The Manchester-headquartered group has confirmed some of its back office and call centre services have been impacted. However, it added that all its stores, including grocery and funeral homes are trading as usual. It comes ...
- Phishing Domains Associated with LabHost PhaaS Platform Users
April 29, 2025
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform between November 2021 and April 2024. Prior to being disabled by law enforcement in April 2024, LabHost was one of the world’s largest PhaaS providers, offering a range of illicit services for approximately ...
- Gremlin Stealer: New Stealer on Sale in Underground Forum
April 29, 2025
Unit 42 researchers have identified new information-stealing malware written in C#, called Gremlin Stealer. This stealer’s authors have actively advertised it on a Telegram group since mid-March 2025. This information-stealing malware exfiltrates data from its victims and uploads this information to its web server for publication. It can capture data from browsers, the clipboard and the ...
- Outlaw cybergang attacking targets worldwide
April 29, 2025
In a recent incident response case in Brazil, we dealt with a relatively simple, yet very effective threat focused on Linux environments. Outlaw (also known as “Dota”) is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its operations. Previous research described Outlaw samples obtained from honeypots. In this ...
- M&S: WFH staff locked out of systems amid cyber attack fallout
April 28, 2025
M&S has shut remote-working employees out of some of its IT systems as it struggles to recover from the fallout of a cyberattack last week. The high street giant closed some of the programmes that staff use to log into the internal IT systems when working outside of the office, The Times reported. Cybersecurity experts said ...
- Android malware turns phones into malicious tap-to-pay machines
April 24, 2025
Got an Android phone? Got a tap-to-pay card? Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. A newly discovered malicious program effectively turns Android phones into malicious tap machines that ...