Find notable cyber news and cases, enriched with sources, timelines, and signals.

JustAskJacky fake AI assistant malware campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The JustAskJacky campaign is distributing a fake AI assistant that installs a backdoor, turning trusted-looking software into a malware delivery path. The operation uses professional-looking interfaces and valid digital signatures to make the installer seem legitimate. It also adds Java persistence that keeps control through a scheduled task running every four hours. Targeting people looking for AI tools increases the chance that employees or organizations will install malicious software during normal productivity workflows.

Related Happenings

AI coding assistants GhostApproval symlink security flaw

Vulnerability
H score22 First: 09.07.2026 07:27 Last: 09.07.2026 07:27 Sources 1

About this happening: A July 8 disclosure identified GhostApproval, a symlink flaw in six AI coding assistants that can redirect approved writes into ~/.ssh/authorized_keys or ~/....

SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware

Technical Analysis
H score22 First: 06.07.2026 09:33 Last: 06.07.2026 09:33 Sources 1

About this happening: SKILLCLOAK shows that malicious AI coding-agent skills can be rewritten to evade static scanners while still executing, exposing credentials, source code, and term...

JetBrains Marketplace malicious plugins exfiltrating AI provider keys

Malware Activity
H score12 First: 17.06.2026 12:38 Last: 17.06.2026 12:38 Sources 1

About this happening: A JetBrains Marketplace malware operation has pushed 15 malicious plugins that pose as AI coding assistants and steal AI provider API keys from developers. The plugins...

GPU cryptomining malware using ScreenConnect and SEO poisoning

Malware Activity
H score16 First: 28.05.2026 00:31 Last: 28.05.2026 00:31 Sources 1

About this happening: A cryptojacking malware operation is spreading through SEO-poisoned download pages and, in some cases, AI chatbot recommendations, putting high-performance Windows s...

SHub Reaper macOS infostealer variant

Malware Activity
H score23 First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources 1

About this happening: The SHub Reaper macOS infostealer now uses AppleScript and a fake Apple security update lure to infect Macs, raising the risk of credential theft and remote access. It...

Timeline

  1. 04.06.2026 17:00 2 articles · 1mo ago

    Microsoft DART warns that fake AI assistants are delivering malware

    Initial Disclosure

    Microsoft DART warned that cybercriminals are using a campaign dubbed JustAskJacky to trick users into downloading a fake AI assistant that is actually a Java backdoor. The malware is disguised with professional-looking interfaces and valid digital signatures, and it can establish persistence with a scheduled task that runs every four hours to maintain control and send telemetry. Microsoft also advised organizations to review nonstandard applications, remove AI tools with no business need, and treat unauthorized AI installers as suspicious.

    Show sources