JustAskJacky fake AI assistant malware campaign
Campaign
Summary
The JustAskJacky campaign is distributing a fake AI assistant that installs a backdoor, turning trusted-looking software into a malware delivery path. The operation uses professional-looking interfaces and valid digital signatures to make the installer seem legitimate. It also adds Java persistence that keeps control through a scheduled task running every four hours. Targeting people looking for AI tools increases the chance that employees or organizations will install malicious software during normal productivity workflows.
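A triage check for the persistence trait described above, as an added example that is not code from Microsoft or from this page: it scans exported Task Scheduler XML for tasks that repeat every four hours and launch Java. The element names follow the standard Task Scheduler XML schema; the sample tasks, paths and file names are constructed, and a match is a lead to review, not a verdict.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
FOUR_HOURS = 4 * 3600
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def duration_seconds(text):
    """Convert an ISO 8601 duration such as PT4H or PT240M to seconds."""
    m = DURATION.match((text or "").strip())
    if not m:
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def java_every_four_hours(task_xml):
    """Return (command, arguments) for Java actions in a task repeating every 4h."""
    root = ET.fromstring(task_xml)
    intervals = [duration_seconds(e.text)
                 for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    if FOUR_HOURS not in intervals:  # PT4H and PT240M both normalise to 14400
        return []
    hits = []
    for ex in root.iterfind(".//t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", "", NS)
        args = ex.findtext("t:Arguments", "", NS)
        exe = re.split(r"[\\/]", cmd.strip('" ').lower())[-1]
        runs_java = exe in ("java", "javaw", "java.exe", "javaw.exe")
        if runs_java or re.search(r"(^|\s)-jar(\s|$)", args.lower()):
            hits.append((cmd, args))
    return hits

# Constructed samples (not taken from the campaign): a per-user Java task on a
# four-hour repeat, and an unrelated native task on the same schedule.
SUSPECT = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><Repetition><Interval>PT240M</Interval></Repetition>
  </TimeTrigger></Triggers>
  <Actions><Exec>
    <Command>C:\Users\example\AppData\Local\ExampleAssistant\bin\javaw.exe</Command>
    <Arguments>-jar assistant.jar</Arguments></Exec></Actions></Task>"""
BENIGN = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><Repetition><Interval>PT4H</Interval></Repetition>
  </TimeTrigger></Triggers>
  <Actions><Exec><Command>C:\Program Files\ExampleSync\sync.exe</Command>
  </Exec></Actions></Task>"""

if __name__ == "__main__":
    for name, xml_text in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, java_every_four_hours(xml_text))
```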
Related Happenings
GPU cryptomining malware using ScreenConnect and SEO poisoning
Malware Activity
First: 28.05.2026 00:31
Last: 28.05.2026 00:31
Sources 1
About this happening:
A **cryptojacking malware operation** is spreading through **SEO-poisoned download pages** and, in some cases, **AI chatbot recommendations**, putting **high-performance Windows s...
SHub Reaper macOS infostealer variant
Malware Activity
First: 19.05.2026 00:42
Last: 19.05.2026 00:42
Sources 1
About this happening:
The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...
Jasper Sleet and Coral Sleet AI-enabled IT worker scam campaign
Campaign
First: 06.03.2026 19:49
Last: 06.03.2026 19:49
Sources 1
About this happening:
The **Jasper Sleet** and **Coral Sleet** campaign is using **AI** to scale fake **IT worker scams**, making social engineering against **organizations** more convincing and persis...
OpenClaw fake installer GitHub campaign promoted by Bing AI
Campaign
First: 06.03.2026 00:37
Last: 06.03.2026 00:37
Sources 1
About this happening:
A campaign from **last month** used **fake OpenClaw installers** on **GitHub** and **Bing AI**-promoted search results to push **malware loaders** and **infostealers** to people trying...
Latest development: 09.03.2026 20:31
A malicious npm package named @openclaw-ai/openclawai, uploaded on March 3, 2026, masquerades as an OpenClaw installer and uses a postinstall hook to launch scripts/setup.js, display a fake CLI and iCloud Keychain prompt, and fetch a second-stage payload from trackpipe[.]dev. The chain installs a persistent RAT internally identified as GhostLoader and steals macOS Keychain data, browser credentials, crypto wallets, SSH keys, Apple Notes, iMessage history, Safari history, and Mail data before exfiltrating a tar.gz archive through the C2 server, Telegram Bot API, and GoFile.io.
Steaelite Windows RAT with FUD and multi-function capabilities
Malware Activity
First: 27.02.2026 12:06
Last: 27.02.2026 12:06
Sources 1
About this happening:
The **Steaelite** Windows RAT is being marketed as a **fully undetectable** tool for **Windows 10 and 11**, giving operators browser-based control over infected machines and enabl...
Timeline
04.06.2026 17:00 · 2 articles
Microsoft DART warns that fake AI assistants are delivering malware
Initial Disclosure: Microsoft DART warned that cybercriminals are using a campaign dubbed JustAskJacky to trick users into downloading a fake AI assistant that is actually a Java backdoor. The malware is disguised with professional-looking interfaces and valid digital signatures, and it can establish persistence with a scheduled task that runs every four hours to maintain control and send telemetry. Microsoft also advised organizations to review nonstandard applications, remove AI tools with no business need, and treat unauthorized AI installers as suspicious.
Sources
- Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns — www.infosecurity-magazine.com — 04.06.2026 17:00