Listen to this Post

Introduction:
The first half of 2026 has unveiled a sobering reality in cybersecurity: attackers are not inventing entirely new methods but are rapidly adapting established techniques to new platforms, technologies, and user behaviors. The latest ESET H1 2026 Threat Report, analyzing data from December 2025 through May 2026, reveals a threat landscape where Artificial Intelligence (AI) is weaponized at scale, social engineering tactics like ClickFix have more than doubled, and a growing ecosystem of over 100 EDR killers is systematically dismantling enterprise defenses. This report serves as a critical warning for security professionals to reassess their supply chain risks, endpoint protection strategies, and employee training programs.
Learning Objectives:
- Understand the mechanics and risks associated with malicious AI skills and the expanding software supply chain.
- Analyze the evolution and surge of ClickFix social engineering techniques and QR code phishing (quishing).
- Identify the growing threat of EDR killers, including the BYOVD (Bring Your Own Vulnerable Driver) technique, and learn mitigation strategies.
- Explore practical commands and configurations for Linux and Windows to detect and defend against these emerging threats.
You Should Know:
- The Malicious AI Skill Supply Chain: A New Attack Vector
The ESET report analyzed nearly 900,000 AI skills—small functional components that instruct AI agents how to perform tasks, use tools, and access data. Between March and May 2026 alone, the number of unique skills scanned skyrocketed from 60,000 to almost 900,000, with malicious skills growing from about 600 to over 3,000. These malicious skills can command execution, access files, download third-party tools, load credentials, inject code, and obfuscate their activities.
This matters because AI agents are increasingly allowed to browse, execute commands, access files, and interact with third-party services. A single malicious skill can turn an AI assistant into a high-risk supply-chain component. ESET identified skills using third-party hacking tools like Mimikatz and Impacket, as well as self-modifying skills designed to create persistence mechanisms (JSON files) and tools for self-modification (Python code).
Step‑by‑step guide to auditing AI skills:
- Step 1: Inventory AI Skills. Maintain a comprehensive list of all skills, plugins, and extensions installed in your AI agent environments. Use API calls or vendor-specific management consoles to export this list.
- Step 2: Verify Source and Reputation. Cross-reference each skill against known malicious or suspicious hashes. Utilize threat intelligence feeds and platforms like VirusTotal to check the reputation of the skill’s source repository and its developer.
- Step 3: Implement Allowlisting. Adopt a strict allowlist approach for AI skills. Only permit skills that have been vetted and approved by your security team.
- Step 4: Monitor Behavior. Use runtime monitoring to detect anomalous behavior from AI agents, such as unexpected command execution, file access, or network connections.
- Step 5: Use ESET AI Skills Checker. Consider using tools like the ESET AI Skills Checker, which has already scanned nearly 800,000 unique AI Skills, flagging some 25,000 as suspicious and blocking more than 3,000 as malicious.
- ClickFix and Quishing: The Evolution of Social Engineering
ClickFix, a social engineering technique leveraging fake error messages and verification prompts, has become a dominant attack vector. ESET detections of ClickFix attacks increased by 108% between H2 2025 and H1 2026. The technique has expanded beyond fake CAPTCHAs into AI-themed help pages (AI-fix), malicious browser extensions (CrashFix), and cloud authentication scenarios (ConsentFix). ConsentFix is particularly dangerous as it steals Microsoft OAuth authorization codes through fake verification prompts, allowing attackers to obtain OAuth tokens and hijack cloud accounts without needing credentials, often bypassing MFA.
Simultaneously, QR code phishing (quishing) reached record levels, accounting for approximately 11% of all detected phishing emails. Attackers embed malicious links in QR codes to bypass cursory inspection and shift user interaction to mobile devices.
Step‑by‑step guide to defending against ClickFix and Quishing:
- Step 1: User Awareness Training. Educate employees on the ClickFix technique. Train them to recognize fake error messages, AI-generated troubleshooting content, and unexpected verification prompts. Emphasize that legitimate IT support rarely asks users to run scripts or commands from web pages.
- Step 2: Implement Email Filtering. Deploy advanced email filtering solutions that can detect and block phishing emails containing QR codes or suspicious links. Configure filters to flag emails with embedded QR codes for manual review.
- Step 3: Restrict Script Execution. Use Group Policy Objects (GPO) on Windows or `sudoers` configurations on Linux to restrict the execution of scripts (e.g., PowerShell, Python) from untrusted sources or locations.
- Step 4: Monitor OAuth Activity. Implement monitoring for OAuth authorization requests and token usage. Configure alerts for unusual consent grants or token exchanges, especially those originating from unexpected geolocations or devices.
- Step 5: Browser Extension Management. Enforce a strict policy on browser extensions. Use GPO or MDM solutions to block unauthorized extensions and only allow vetted ones from trusted sources.
3. PromptSpy: First-Wave AI-Powered Android Malware
ESET researchers identified PromptSpy, the first known Android malware to use generative AI in its execution flow. The malware leverages Google’s Gemini to interpret user interface elements and adapt its behavior across different devices and environments without relying on hardcoded instructions. While still rare, PromptSpy illustrates the potential for increased flexibility in future threats. This represents a significant shift from static malware to adaptive, AI-driven threats that can dynamically change their attack patterns based on the victim’s device and context.
Mitigation strategies for mobile threats:
- Enable Google Play Protect: Ensure Google Play Protect is active on all Android devices to scan for potentially harmful apps.
- Restrict Installation Sources: Disable installation from unknown sources. Use Mobile Device Management (MDM) to enforce this policy.
- Deploy Mobile Threat Defense (MTD): Implement an MTD solution that can detect and block malicious apps and network traffic.
- Monitor for Anomalous Behavior: Use EDR or MTD solutions to monitor for unusual app behavior, such as excessive permissions requests or unexpected network connections.
4. The Growing Ecosystem of EDR Killers
Ransomware activity showed no signs of slowing down, with continued use of EDR killers—tools designed to disable security software before encryption begins. ESET Research has documented over 100 EDR killers used in the wild, with new variants appearing regularly. A notable example is the GentleKiller framework, used by the Gentlemen ransomware-as-a-service (RaaS) operation. GentleKiller abuses the Bring Your Own Vulnerable Driver (BYOVD) technique, exploiting vulnerable drivers to gain elevated privileges and disable over 400 EDR security processes. The group applies a standardized defense-evasion layer to its tools, including binary protection via Enigma or Themida, filenames mimicking security vendors, fabricated version information, copied digital signatures, and matching icons.
Step‑by‑step guide to defending against EDR killers:
- Step 1: Patch and Harden. Regularly patch and harden your systems, including drivers. Use tools like `sigverif` (Windows) to verify driver signatures and `lsmod` (Linux) to list loaded modules.
- Step 2: Enable Driver Blocklist. Use Windows Defender Application Control (WDAC) or similar tools to maintain a blocklist of known vulnerable drivers. Microsoft provides a vulnerable driver blocklist that can be enabled via GPO.
- Step 3: Monitor for BYOVD Attempts. Implement EDR or SIEM rules to detect attempts to load unsigned or suspicious drivers. Monitor for events like `Service Control Manager` (Event ID 7045) for new service installations on Windows.
- Step 4: EDR Hardening. Configure your EDR solution to operate in a protected or tamper-proof mode. Use strong passwords and MFA for EDR administrative consoles. Regularly test your EDR’s resilience against known EDR killer tools in a sandbox environment.
- Step 5: Incident Response Readiness. Develop and test an incident response plan specifically for ransomware attacks that leverage EDR killers. This plan should include procedures for isolating infected systems, preserving evidence, and restoring from clean backups.
Useful Linux/Windows Commands for Detection and Hardening:
| Platform | Command/Tool | Purpose |
| : | : | : |
| Windows | `Get-WinEvent -LogName System \| Where-Object { $_.Id -eq 7045 }` | Lists recently installed services, useful for detecting new driver or EDR killer installations. |
| Windows | `sigverif` | Launches the File Signature Verification tool to check the digital signatures of system files and drivers. |
| Windows | `Get-Process \| Where-Object { $_.Path -like “temp” -or $_.Path -like “downloads” }` | Lists processes running from temporary or download directories, a common location for EDR killer payloads. |
| Windows | `fltmc` | Displays a list of loaded filter drivers, which can be used to identify unexpected or malicious drivers. |
| Linux | `lsmod \| grep -v “^Module” \| awk ‘{print $1}’` | Lists all currently loaded kernel modules, helping to identify unauthorized drivers. |
| Linux | `dmesg \| grep -i “loading module”` | Shows kernel ring buffer messages related to module loading, useful for detecting suspicious driver activity. |
| Linux | `find / -type f -1ame “.ko” -1ewermt “2026-06-01″` | Finds kernel object (driver) files modified after a specific date, aiding in the discovery of recently added or altered drivers. |
| Linux | `auditctl -w /etc/sudoers -p wa -k sudoers_changes` | Sets up an audit rule to monitor changes to the `sudoers` file, which can be a target for privilege escalation. |
What Undercode Say:
- Key Takeaway 1: The Supply Chain is the New Battlefield. Malicious AI skills represent a critical supply-chain risk. As organizations increasingly deploy AI agents, they must treat AI skills with the same scrutiny as traditional software dependencies, implementing strict vetting, allowlisting, and monitoring processes.
- Key Takeaway 2: Social Engineering is Evolving Faster than Defenses. The 108% surge in ClickFix detections and the record levels of quishing demonstrate that attackers are highly adept at exploiting human trust in new technologies like generative AI and familiar interfaces like QR codes. Continuous user education and technical controls are non-1egotiable.
Analysis:
The ESET H1 2026 Threat Report paints a picture of a threat landscape where efficiency and adaptation are the hallmarks of adversaries. The convergence of AI-powered tools, sophisticated social engineering, and aggressive defense evasion techniques like EDR killers creates a formidable challenge for security teams. The report’s findings underscore that attackers are not struggling to find new ways to breach systems; they are becoming exceptionally skilled at refining and scaling existing methods. The rise of PromptSpy, while currently limited, is a harbinger of more adaptive and intelligent malware that can morph to evade detection. Meanwhile, the proliferation of EDR killers, with over 100 variants in the wild, highlights a critical arms race: as defenses improve, so do the tools to dismantle them. The silver lining, as noted in the report, is that despite the growing volume of ransomware attacks, the proportion of victims paying ransoms continues to decline, suggesting that better preparedness and response measures are making a difference. Organizations must double down on defense-in-depth strategies, embracing zero-trust principles, rigorous patch management, and advanced threat detection to stay ahead.
Prediction:
- +1 The declining ransom payment rate (now between 14% and 28%) indicates that industry-wide efforts in incident response, backup strategies, and law enforcement actions are gaining traction, potentially weakening the ransomware business model over time.
- -1 The rapid growth of malicious AI skills, from 600 to over 3,000 in just a few months, suggests that this attack vector will soon become a primary entry point for sophisticated adversaries, overwhelming organizations unprepared to vet AI components.
- -1 As EDR killers become more commoditized and accessible, the barrier to executing a successful ransomware attack will continue to lower, leading to a surge in attacks against mid-sized enterprises that lack dedicated security teams.
- +1 The emergence of tools like the ESET AI Skills Checker signals a proactive response from the security industry, which will likely spur the development of similar automated scanning and validation tools, creating a new market for AI security.
- -1 The evolution of ClickFix into OAuth token theft (ConsentFix) represents a paradigm shift in account compromise that bypasses MFA, forcing a re-evaluation of cloud authentication security and potentially leading to a wave of cloud account hijackings in the latter half of 2026.
▶️ Related Video (66% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Mayura Kathiresh – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


