CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Automated AI-driven voice phishing platform ATHR enables end-to-end credential harvesting via integrated email and vishing workflows

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A cybercrime platform named ATHR is being sold on underground forums for $4,000 plus a 10% profit commission to conduct fully automated telephone-oriented attack delivery (TOAD) campaigns that combine email lures with AI voice agents to harvest credentials for Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL accounts. The platform automates the entire attack chain from targeted email delivery through social engineering to credential theft, routing victims via Asterisk and WebRTC to AI agents that mimic support staff during fraudulent account recovery workflows designed to extract six-digit verification codes. Attackers can optionally escalate calls to human operators, but the AI agent capability enables low-skill threat actors to execute sophisticated vishing campaigns without specialized infrastructure or large teams, significantly lowering the barrier to entry for large-scale credential harvesting operations.

Timeline

  1. 16.04.2026 17:09 1 articles · 3h ago

    Automated AI vishing platform ATHR enables scalable credential harvesting via integrated email and voice phishing workflows

    A new cybercrime platform named ATHR is being used to automate telephone-oriented attack delivery (TOAD) campaigns, combining email lures with AI voice agents to harvest credentials for Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL. The platform automates the full attack chain from targeted email delivery through social engineering to credential theft, routing victims via Asterisk and WebRTC to AI agents that mimic support staff during fraudulent account recovery workflows designed to extract six-digit verification codes.

    Show sources
    Open in new tab

Information Snippets

  • ATHR is marketed on underground forums for $4,000 upfront with a 10% commission on stolen profits, enabling monetization of stolen credentials at scale.

    First reported: 16.04.2026 17:09
    1 source, 1 article
    Show sources

  • The platform automates end-to-end TOAD campaigns, integrating email template generation, customizable per-target delivery, and spoofing mechanisms to bypass casual verification and basic technical filters.

    First reported: 16.04.2026 17:09
    1 source, 1 article
    Show sources

  • Supported credential harvesting targets include Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL, covering a broad range of consumer and enterprise services.

    First reported: 16.04.2026 17:09
    1 source, 1 article
    Show sources

  • Victims receive email lures disguised as urgent security alerts or account notifications, directing them to call a provided number that routes through Asterisk and WebRTC to AI voice agents.

    First reported: 16.04.2026 17:09
    1 source, 1 article
    Show sources

  • AI agents execute multi-step scripts simulating legitimate support workflows, such as fake account recovery, to extract six-digit verification codes for account takeover.

    First reported: 16.04.2026 17:09
    1 source, 1 article
    Show sources

  • ATHR’s operator dashboard provides real-time monitoring, email dispatch control, call handling, and logs containing stolen data, enabling centralized management of phishing operations.

    First reported: 16.04.2026 17:09
    1 source, 1 article
    Show sources

  • The platform reduces manual effort and infrastructure requirements, allowing less technical threat actors to deploy automated vishing campaigns without configuring individual components.

    First reported: 16.04.2026 17:09
    1 source, 1 article
    Show sources