VYPR
Research · Published Jun 8, 2026 · 1 source

AI Brands Exploited in Social Engineering Campaigns to Steal Data and Deploy Malware

Threat actors are leveraging the hype around AI brands like ChatGPT and Claude in sophisticated social engineering attacks, including phishing, malvertising, and SEO scams, to steal credentials and financial data or deploy malware.

Threat actors are increasingly capitalizing on the global fascination with artificial intelligence, using prominent AI brands such as ChatGPT, Microsoft Copilot, DeepSeek, and Anthropic's Claude as lures in social engineering campaigns. These attacks, which do not involve breaches of the AI services themselves, manifest as phishing emails, malvertising, and search engine optimization (SEO) driven schemes aimed at harvesting user credentials, committing financial fraud, or distributing malware.

While traditional social engineering tactics like fake invoices or payment notifications remain prevalent, the adoption of AI-themed lures signifies a notable shift in threat actor strategies. This trend is expected to persist, with both cybercriminal groups and nation-state actors likely to continue exploiting user curiosity and trust in emerging technologies. Microsoft Threat Intelligence has observed initial access brokers, such as Storm-3075, employing AI-themed malvertising to deliver payloads, including malware signed by the malware-signing-as-a-service (MSaaS) offering attributed to the financially motivated threat actor Fox Tempest, on behalf of various downstream actors.

A specific ChatGPT-themed phishing campaign detected on May 5, 2026, targeted users primarily in South Africa (97%), with a broader campaign also affecting targets in Switzerland and Austria. This campaign, which sent approximately 4,500 emails, used urgent payment update lures to trick recipients into providing credit card details and personal information. The emails, impersonating ChatGPT's "ChatGPT Plus" subscription service, warned users of account downgrades if payment methods were not updated within seven days.

The attack chain involved a multi-stage redirection process designed to evade detection and exploit the reputation of legitimate domains. Emails contained a deceptive "Update payment method" button that led users through a series of redirectors, including legitimate services like Bitrix24 and Amazon's awstrack.me, and a URL shortener, before finally landing on a compromised domain hosting the phishing page. This technique helps threat actors bypass email filters and obscure their true infrastructure.
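As an added illustration (not code from Microsoft or from the campaign), the check below judges a recorded redirect chain by where it ends rather than by the reputation of its first hop, which is the property the redirector chain described above abuses. The `bitrix24.com` and brand domain entries, the `short.example` shortener placeholder, the severity levels, and all sample URLs are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Redirector/tracking services that lend their reputation to a link.
# awstrack.me and Bitrix24 are named in the article; short.example is a
# placeholder for the unnamed URL shortener (assumption).
REDIRECTOR_SUFFIXES = ("awstrack.me", "bitrix24.com", "short.example")
# Assumption: domains where a genuine ChatGPT billing link would end.
BRAND_DOMAINS = {"chatgpt": ("chatgpt.com", "openai.com")}

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def under(host, suffix):
    # Match on a label boundary so "chatgpt.com.evil.example" does not pass.
    return host == suffix or host.endswith("." + suffix)

def assess_chain(chain, claimed_brand):
    """chain: ordered URLs from the emailed link to the final landing page."""
    hosts = [host_of(u) for u in chain]
    final = hosts[-1]
    hops = [h for h in hosts[:-1]
            if any(under(h, s) for s in REDIRECTOR_SUFFIXES)]
    brand_ok = any(under(final, d)
                   for d in BRAND_DOMAINS.get(claimed_brand, ()))
    if brand_ok:
        severity = "none"      # brand-owned landing page, even via a tracker
    elif len(hops) >= 2:
        severity = "high"      # off-brand landing hidden behind several hops
    else:
        severity = "medium"    # off-brand landing, little or no laundering
    return {"final_host": final, "redirector_hops": hops,
            "severity": severity}

# Constructed sample chains (not taken from the campaign).
PHISH_CHAIN = [
    "https://tenant.bitrix24.com/click?id=1",
    "https://abc123.r.us-east-1.awstrack.me/L0/next",
    "https://short.example/x9",
    "https://compromised-site.example/billing/update",
]
BENIGN_CHAIN = [
    "https://abc123.r.us-east-1.awstrack.me/L0/next",
    "https://chatgpt.com/settings",
]

if __name__ == "__main__":
    for name, chain in (("phish", PHISH_CHAIN), ("benign", BENIGN_CHAIN)):
        print(name, assess_chain(chain, "chatgpt"))
```

The chain itself would come from a URL detonation service or proxy logs; the function only scores a chain that has already been recorded.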

Upon reaching the phishing page, users were first presented with a custom CAPTCHA, followed by a form requesting personal information such as first name, last name, and address. The final stage of the phishing kit then prompted victims to enter sensitive financial details, including credit card number, expiration date, and card verification code, completing the credential harvesting process.

In a separate campaign observed between April 20 and 22, 2026, threat actors impersonated Anthropic's Claude AI platform. This campaign targeted users across more than 2,000 organizations, predominantly in the United States, United Kingdom, and India, using account-related lures. The objective was to steal credentials and access tokens, highlighting the broad applicability of AI branding in diverse social engineering schemes.

Another notable incident involved malvertising campaigns that deployed the Vidar stealer malware. Fake "Awesome AI Windows Plugin" advertisements were used to trick users into downloading malicious installers. Furthermore, fake DeepSeek V4 installers distributed on GitHub also delivered Vidar Stealer, demonstrating how threat actors are leveraging AI-related software and platforms as vectors for malware distribution.

Microsoft recommends that organizations leverage AI-powered security solutions to enhance visibility, automate detection, and accelerate response across their email, identity, and endpoint surfaces. Users are advised to remain vigilant against AI-themed lures, verify the legitimacy of urgent requests, and be cautious of unsolicited software updates or plugins, especially those promoted through advertisements or unofficial channels.

Synthesized by Vypr AI