AI Phishing - New Campaign Exploits Browser Permissions
Basically, scammers use AI to trick people into giving away access to their cameras and microphones.
A new AI-driven phishing campaign is tricking users into granting browser permissions, leading to serious data theft. This sophisticated approach captures sensitive information through popular services. Stay vigilant to protect your data!
What Happened
A new AI-powered phishing campaign has emerged, utilizing advanced tactics to go beyond traditional credential theft. Discovered by Cyble Research & Intelligence Labs, this campaign has been active since early 2026. It employs social engineering techniques that lure users with messages about ID scanning and account freezing. The goal? To trick individuals into granting access to their device's cameras and microphones.
The phishing pages are hosted on platforms like edgeone.app, impersonating popular services such as TikTok, Instagram, and Google Chrome. Instead of asking for usernames and passwords, these pages request browser-level permissions. This innovative approach marks a significant evolution in phishing tactics, making it harder for users to recognize the threat.
Who's Being Targeted
The campaign targets a broad audience, particularly users of well-known social media platforms and web services. By leveraging the familiarity of these platforms, attackers increase the likelihood of users falling for their schemes. The use of AI in crafting these phishing pages allows for more convincing and personalized messages, enhancing the chances of success.
As users become more aware of traditional phishing methods, attackers are adapting their strategies. This campaign's focus on obtaining browser permissions indicates a shift towards more invasive tactics, where attackers can gather sensitive data without directly asking for it.
Signs of Infection
Once users grant the requested permissions, the malicious JavaScript code activates the device's camera and microphone. This allows attackers to capture images, video, and audio in real time. Additionally, the campaign collects device fingerprinting information, including user agent, platform, memory, CPU, network, battery status, contact lists, and geolocation data.
The exfiltration of this data is conducted via Telegram bots, which provide a secure channel for attackers to receive stolen information. Users may not immediately notice any signs of infection, as the data is collected silently in the background, making it crucial to remain vigilant about browser permissions.
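For defenders, the chain described above (a page load on an edgeone.app subdomain followed shortly by uploads to a Telegram bot from the same client) can be hunted for in web proxy logs. The sketch below is an added example, not code from Cyble or from the campaign. Assumptions: a hypothetical four-field log layout from a TLS-inspecting proxy that records full URLs, a 10-minute correlation window, the public Bot API host api.telegram.org, and constructed sample lines with placeholder hostnames and token.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

WINDOW = timedelta(minutes=10)      # assumed correlation window
LURE_SUFFIX = ".edgeone.app"        # hosting platform named in the report
BOT_HOST = "api.telegram.org"       # assumption: public Telegram Bot API host
BOT_PATH = re.compile(r"^/bot[^/]+/(send\w+)$")  # sendPhoto, sendAudio, ...

# Constructed sample lines: "<ISO time> <client IP> <method> <URL>".
# Hostnames and the bot token are placeholders, not real indicators.
SAMPLE_LOG = """\
2026-02-03T10:15:02 10.0.4.17 GET https://id-verify-demo.edgeone.app/scan
2026-02-03T10:15:40 10.0.4.17 POST https://api.telegram.org/bot0000000000:PLACEHOLDER/sendPhoto
2026-02-03T10:16:05 10.0.4.17 POST https://api.telegram.org/bot0000000000:PLACEHOLDER/sendAudio
2026-02-03T10:20:00 10.0.4.22 GET https://portfolio-demo.edgeone.app/
2026-02-03T10:30:00 10.0.4.30 POST https://api.telegram.org/bot0000000000:PLACEHOLDER/sendMessage
2026-02-03T11:00:00 10.0.4.41 GET https://id-verify-demo.edgeone.app/scan
2026-02-03T13:05:00 10.0.4.41 POST https://api.telegram.org/bot0000000000:PLACEHOLDER/sendPhoto
"""

def find_suspect_sessions(log_text, window=WINDOW):
    """Return (client, lure_host, bot_method, time) for each Bot API upload
    that follows an edgeone.app page load from the same client within window."""
    last_lure = {}  # client IP -> (time, host) of latest edgeone.app request
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, method, url = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip unparseable timestamps
        target = urlsplit(url)
        host = (target.hostname or "").lower()
        if host.endswith(LURE_SUFFIX):
            last_lure[client] = (when, host)
            continue
        upload = BOT_PATH.match(target.path)
        if host == BOT_HOST and method == "POST" and upload and client in last_lure:
            seen, lure_host = last_lure[client]
            if timedelta(0) <= when - seen <= window:
                alerts.append((client, lure_host, upload.group(1), ts))
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_sessions(SAMPLE_LOG):
        print("possible permission-phish exfil:", alert)
```

A page hosted on edgeone.app is not malicious by itself, and neither is Bot API traffic from a known integration; the alert is the two occurring together from one workstation, which is why the clients at 10.0.4.22, 10.0.4.30 and 10.0.4.41 in the sample produce nothing.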
How to Protect Yourself
To safeguard against such phishing attacks, users should be cautious when granting browser permissions. Always verify the legitimacy of a website before providing access to your device's camera or microphone. Look for signs of phishing, such as unusual URLs or requests for permissions that seem unnecessary.
Additionally, consider implementing security measures such as browser extensions that block malicious sites or alert you to potential phishing attempts. Regularly updating your browser and operating system can also help protect against vulnerabilities that attackers may exploit. Stay informed about the latest phishing tactics to better defend yourself against these evolving threats.
SC Media