Kuse AI Workplace App Abused to Host Phishing Documents in Vendor Email Compromise Attack
Threat actors exploited the legitimate Kuse AI workplace platform to host a phishing document, using a compromised vendor email and a blurred markdown file to steal credentials.

On April 9, 2026, Trend Micro's TrendAI Managed Services Team detected a sophisticated phishing campaign that weaponized the legitimate AI workplace application Kuse.ai. Attackers abused Kuse's document storage and sharing features to host a malicious markdown file, which was delivered via a compromised vendor email account. The attack leveraged the trusted relationship between the vendor and the target organization, a classic Vendor Email Compromise (VEC) technique, to bypass initial suspicion and security filters.
The phishing chain began when a compromised mailbox from a trusted vendor sent an email containing a link to a file hosted on Kuse's legitimate domain, app[.]kuse[.]ai. The URL mimicked a legitimate document by incorporating the vendor's company name and using spaces, commas, and periods to appear authentic. The file used the .md (Markdown) extension, which is less commonly associated with phishing than PDF or HTML files, allowing it to evade signature-based detection and heuristic rules.
Upon clicking the link, users were redirected to the legitimate Kuse workspace, where they saw a blurred document preview. Below the blurred image, a hyperlink in Spanish read "HAZ CLIC AQUÍ PARA VER EL DOCUMENTO" ("CLICK HERE TO VIEW THE DOCUMENT"). Clicking this link redirected users to a fake Microsoft login page hosted at hxxps://onlineapp[.]ooraikaoo[.]info, designed to harvest user credentials. The blurred document lure exploited user curiosity and trust in the legitimate platform.
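The URL traits and the credential-harvesting host described above can be turned into a triage check for links extracted from inbound mail. This is an added example, not code from Trend Micro or Kuse; only the two defanged hosts come from the article, while the `/share/` path, the vendor name and the reason labels are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Hosts as given in the article, stored defanged and refanged only in memory.
SHARING_HOSTS = {"app[.]kuse[.]ai"}
HARVEST_HOSTS = {"onlineapp[.]ooraikaoo[.]info"}

# Constructed sample links; the path layout and vendor name are hypothetical.
SAMPLES = [
    "hxxps://app[.]kuse[.]ai/share/Acme%20Supplies%2C%20Inc.%20Statement.md",
    "hxxps://onlineapp[.]ooraikaoo[.]info/",
    "https://app.kuse.ai/share/notes.md",
    "https://example.com/readme.md",
]


def refang(text: str) -> str:
    """Undo common defanging (hxxp, [.]) so the URL can be parsed."""
    text = re.sub(r"^hxxp", "http", text.strip(), flags=re.I)
    return text.replace("[.]", ".")


def score_link(url: str) -> list[str]:
    """Return the reasons a link matches the lure described in the article."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    reasons = []
    if host in {refang(h) for h in HARVEST_HOSTS}:
        reasons.append("known-harvest-host")
    if host in {refang(h) for h in SHARING_HOSTS}:
        reasons.append("ai-workspace-share")
        # Decode %20, %2C and similar before inspecting the file name.
        name = unquote(parts.path).rsplit("/", 1)[-1]
        if name.lower().endswith(".md"):
            reasons.append("markdown-document")
            # Spaces, commas or extra periods suggest a company-name file title.
            if re.search(r"[ ,.]", name[:-3]):
                reasons.append("business-style-filename")
    return reasons


def triage(urls: list[str]) -> dict[str, list[str]]:
    """Keep only links with at least one reason, for analyst review."""
    scored = {u: score_link(u) for u in urls}
    return {u: r for u, r in scored.items() if r}


if __name__ == "__main__":
    for link, why in triage(SAMPLES).items():
        print(link, "->", ", ".join(why))
```

Because the sender in this campaign was a trusted vendor, the reasons are meant to prioritize links for review rather than to block the sharing host outright.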
Kuse.ai is described as an "agentic AI coworker" that uses work context to improve decision-making. Users can upload documents or create markdown notes, which can be shared via links generated under the app[.]kuse[.]ai domain. Attackers abused this sharing mechanism to host the phishing document, taking advantage of the platform's reputation to lower user suspicion. This technique mirrors previous abuses of the trusted reputation of file-sharing services such as Dracoon and GitHub to host malicious content.
The attack highlights a multi-layered social engineering approach designed to evade both automated defenses and human scrutiny. By combining a VEC to establish trust at the point of delivery, a legitimate AI platform to host the payload, and an uncommon file extension to bypass filters, the attackers demonstrated a sophisticated understanding of modern security controls. Trend Micro noted that some indicators of compromise were redacted due to the use of specific organization names.
As AI tools become more deeply embedded in business workflows, their sharing and collaboration features present new surfaces for abuse. Trend Micro recommends organizations conduct regular user awareness training that goes beyond generic phishing scenarios to include real-world examples of AI platform abuse, VEC, and blurred document lures. The incident underscores that even highly reputable platforms can host untrustworthy content, and layered protection combined with heightened user awareness is essential to defend against such evolving threats.