Trending Topics

AI as Infrastructure: Covert C2 Relays and the Emergence of Prompt-Driven Malware

Security researchers at Check Point Research demonstrated that modern AI assistants with web-fetch or browsing capabilities can be repurposed as covert command-and-control relays, effectively turning trusted AI platforms into proxy infrastructure. By abusing anonymous web access in tools such as Microsoft Copilot and Grok, attackers can instruct the AI to fetch attacker-controlled URLs and return responses containing encoded commands. This enables bidirectional communication in which victim data is exfiltrated via URL parameters, and commands are delivered back via AI-generated summaries. Because the interaction occurs through legitimate AI web interfaces rather than traditional API keys, common defensive measures such as key revocation or account suspension become ineffective. The proof of concept showed that, even without authentication, AI services could be driven to fetch remote content and relay it as structured output. When paired with embedded browser components such as WebView2, malware can automate this flow without requiring visible user interaction. The result is C2 traffic that blends into normal enterprise AI usage, complicating detection and attribution. Instead of hardcoded decision trees, malware can collect host context such as domain membership, installed software, privilege level, and geography, then use AI to determine prioritization, lateral movement strategy, or whether the host is valuable enough to exploit further. This model-assisted triage can reduce predictable behavioral patterns and help actors evade sandbox analysis by externalizing decision-making. At the command-and-control layer, AI could automatically classify victims, prioritize high-value targets, or dynamically tailor payloads in real time. In ransomware scenarios, AI-based scoring of file metadata and content could enable highly targeted encryption or exfiltration, reducing noisy bulk operations and bypassing volume-based detection heuristics. The trajectory points toward AIOps-style C2 environments where AI systems act as orchestration engines for intrusion workflows. As AI platforms become normalized inside corporate networks, treating them as implicitly trusted traffic creates an emerging blind spot that adversaries are already exploring.

Android Banking Trojan Exploits IPTV Lures for Full Device Takeover

Threat Fabric has identified a new Android banking Trojan dubbed Massiv, a device takeover-focused malware family observed in targeted campaigns across southern Europe. Unlike many banking Trojans that reuse infrastructure or code from established strains, Massiv currently shows no direct links to other known malware families, indicating independent development. The malware combines overlay attacks, keylogging, SMS and push notification interception, and full remote-control functionality to enable fraudulent transactions directly from infected devices. In campaigns analyzed by researchers at ThreatFabric, Massiv specifically targeted Portugal’s government identity application gov[.]pt, harvesting credentials that could be used to bypass identity verification workflows. By abusing integrations with Chave Móvel Digital, operators can potentially access banking portals and authorize financial transactions under the victim’s identity. Investigators confirmed cases in which new bank accounts were opened in victims’ names, enabling money laundering and loan fraud schemes that left victims with significant financial liabilities. This positions Massiv not just as a credential-stealer but also as a platform for structured financial crime operations. From a technical standpoint, Massiv demonstrates modern Android malware design. It leverages AccessibilityService-based remote-control capabilities via its FuncVNC component, enabling near-real-time device manipulation over WebSocket-based command-and-control channels. Operators can switch between screen-streaming mode using the MediaProjection API and a stealthier “UI-tree mode” that reconstructs the device interface through AccessibilityNodeInfo traversal. The latter allows attackers to bypass screen-capture protections by extracting structured UI metadata, including text fields, element attributes, and screen coordinates, facilitating automated interaction without raw screenshots. Because IPTV apps are commonly sideloaded due to policy violations on Google Play, users are less suspicious of installing APKs from unofficial sources. In most cases, the IPTV app is merely a dropper that loads Massiv while displaying a legitimate-looking IPTV website in a WebView to preserve the illusion. Researchers observed IPTV-themed malware droppers targeting users in Spain, Portugal, France, and Turkey, reinforcing a broader pattern of mobile banking Trojans blending into high-risk but normalized sideloading ecosystems.

Emoji Smuggling: Unicode as an Obfuscation Layer for Modern Attacks

Emoji smuggling is an obfuscation technique that weaponises legitimate Unicode functionality to conceal malicious intent inside emoji, homoglyphs, invisible characters, and bidirectional text controls. Rather than exploiting a software vulnerability, attackers exploit a parsing gap between what humans visually perceive and what systems technically process. Homoglyph attacks replace Latin characters with visually identical Cyrillic or Greek letters to create convincing phishing domains and bypass string-based detection rules. Zero-width characters, such as U+200B, can fragment malicious keywords like “powershell” or “malicious_function” so they evade exact-match filters while remaining executable after interpretation. Emoji substitution schemes can also function as covert command channels, where each symbol maps to an operational instruction that malware decodes at runtime. Because many security tools still rely on ASCII-centric pattern matching without full Unicode normalization, these encoded payloads can pass through email gateways, logging systems, and data loss prevention controls unnoticed. The technique is effective precisely because it hides inside normal communication behavior rather than obvious exploit code. The implications extend beyond phishing and malware into modern AI and large language model deployments. Unicode manipulation can be used to bypass prompt filters, fragment restricted phrases, or encode malicious instructions that remain interpretable to the model but invisible to surrounding safeguards. Direction override characters can disguise file extensions, while invisible padding can manipulate context windows and suppress embedded safety instructions. In AI-assisted workflows, this creates the risk of prompt injection, encoded command generation, or covert data exfiltration through seemingly benign output. Defending against emoji smuggling requires layered mitigation strategies, including Unicode canonical normalization, homoglyph detection, stripping or flagging zero-width characters in structured inputs, strict field-level validation policies, anomaly monitoring for mixed-script usage, and AI input/output inspection that accounts for encoded or high-entropy Unicode patterns. Organizations must treat text parsing and encoding as security boundaries, not merely formatting concerns. Emoji smuggling demonstrates how subtle encoding tricks can undermine filtering logic, AI guardrails, and brand protection controls if foundational assumptions about text processing remain incomplete.

CRESCENTHARVEST: Protest-Themed Espionage Campaign Targeting Farsi-Speaking Activists and Dissidents

CRESCENTHARVEST is a targeted cyberespionage campaign leveraging Iran’s ongoing protests as a social engineering lure to infect Farsi-speaking individuals with a custom dual-module implant. Victims receive a protest-themed archive containing authentic images, a Farsi-language report, and malicious [.]LNK files disguised as media; when executed, the shortcut silently extracts a payload, establishes persistence via a network-triggered scheduled task, and launches decoy content to avoid suspicion. The malware is deployed through DLL sideloading using a signed Google binary, blending malicious activity with legitimate processes. Its first module abuses COM interfaces to decrypt Chrome’s app-bound encryption keys, while the second functions as a full-featured RAT and stealer capable of keylogging, browser credential harvesting, Telegram session theft, user enumeration, WMI-based security profiling, and command execution. Communications occur over HTTPS using JSON-formatted instructions routed through structured but inconsistently implemented C2 endpoints. Tradecraft, infrastructure choices, and protest-aligned victimology suggest alignment with Iranian interests, though definitive attribution remains unconfirmed. By combining timely social engineering, legitimately signed binaries, event-triggered persistence, and modular data theft, CRESCENTHARVEST prioritizes stealth and long-term access over immediate disruption. Its ability to bypass Chrome encryption, dynamically assess host security posture, and selectively exfiltrate high-value artifacts indicates intent beyond opportunistic crime. Operational inconsistencies such as unused C2 endpoints and malformed user-agent behavior may indicate rapid development or moderate maturity rather than a lack of capability. The use of fresh infrastructure and Cloudflare proxying further complicates attribution and detection. For at-risk communities, the campaign underscores the ongoing weaponization of political events as infection vectors and reinforces the need for strict file-handling discipline, hardware-backed MFA, and monitoring for LNK- and DLL-sideloading-based execution chains.