Cybercriminals turn to AI in attacks on Windows and macOS users, researchers warn

Researchers revealed that cybercriminals are increasingly using artificial intelligence (AI) to develop and scale sophisticated attacks targeting users on Windows and macOS.

According to a press release by Kaspersky, a North Korean-linked hacking group known as BlueNoroff has launched two new campaigns, called "GhostCall" and "GhostHire", that specifically target Web3 and cryptocurrency organisations across India, Turkey, Australia, and several European and Asian countries. The campaigns have been active since at least April 2025.

BlueNoroff, a subgroup of the Lazarus collective, is known for financial cyberattacks. Its latest operations extend its previous SnatchCrypto campaign and employ advanced social engineering tactics. Attackers posed as venture capitalists on Telegram to lure victims into fake meetings hosted on phishing sites. During these calls, targets were prompted to install "updates" that secretly deployed malware, compromising entire systems, as per the press release.

Kaspersky's Global Research and Analysis Team (GReAT) found that the hackers even replayed videos of previous victims to make fake meetings appear authentic, a strategy that helped them build trust and facilitate further intrusions, including supply-chain attacks.

BlueNoroff is leveraging generative AI to accelerate malware development, localise attacks in multiple languages, and automate large-scale operations. The use of AI allows the group to refine targeting and reduce manual effort, broadening the reach and sophistication of its campaigns, mentions the press release.