A new AI-driven phishing campaign is employing advanced tactics beyond traditional credential theft, as uncovered by Cyble Research & Intelligence Labs. This campaign, active since early 2026, uses social engineering lures related to ID scanning and account freezing to trick users into granting access to device cameras and microphones, with further coverage provided by The Cyber Express.The campaign utilizes platforms like edgeone.app to host phishing pages impersonating popular services such as TikTok, Instagram, and Google Chrome. Instead of requesting credentials, these pages prompt users for browser-level permissions. Once granted, JavaScript code activates the device camera and microphone to capture images, video, and audio. This data, along with device fingerprinting information (user agent, platform, memory, CPU, network, battery status), contact lists, and geolocation, is exfiltrated via Telegram bots.Researchers also noted AI-assisted code generation in the campaign's infrastructure, indicated by structured annotations and emoji-based formatting within the scripts.Source: The Cyber Express
You can skip this ad in 5 seconds