JustAskJacky fake AI assistant malware campaign
Campaign
Summary
Hide ▲
Show ▼
The JustAskJacky campaign is distributing a fake AI assistant that installs a backdoor, turning trusted-looking software into a malware delivery path. The operation uses professional-looking interfaces and valid digital signatures to make the installer seem legitimate. It also adds Java persistence that keeps control through a scheduled task running every four hours. Targeting people looking for AI tools increases the chance that employees or organizations will install malicious software during normal productivity workflows.
Related Happenings
AI coding assistants GhostApproval symlink security flaw
Vulnerability
H score22
First: 09.07.2026 07:27
Last: 09.07.2026 07:27
Sources 1
About this happening:
A July 8 disclosure identified GhostApproval, a symlink flaw in six AI coding assistants that can redirect approved writes into ~/.ssh/authorized_keys or ~/....
AI coding assistants GhostApproval symlink security flaw
VulnerabilityAbout this happening: A July 8 disclosure identified GhostApproval, a symlink flaw in six AI coding assistants that can redirect approved writes into ~/.ssh/authorized_keys or ~/....
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical Analysis
H score22
First: 06.07.2026 09:33
Last: 06.07.2026 09:33
Sources 1
About this happening:
SKILLCLOAK shows that malicious AI coding-agent skills can be rewritten to evade static scanners while still executing, exposing credentials, source code, and term...
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical AnalysisAbout this happening: SKILLCLOAK shows that malicious AI coding-agent skills can be rewritten to evade static scanners while still executing, exposing credentials, source code, and term...
JetBrains Marketplace malicious plugins exfiltrating AI provider keys
Malware Activity
H score12
First: 17.06.2026 12:38
Last: 17.06.2026 12:38
Sources 1
About this happening:
A JetBrains Marketplace malware operation has pushed 15 malicious plugins that pose as AI coding assistants and steal AI provider API keys from developers. The plugins...
JetBrains Marketplace malicious plugins exfiltrating AI provider keys
Malware ActivityAbout this happening: A JetBrains Marketplace malware operation has pushed 15 malicious plugins that pose as AI coding assistants and steal AI provider API keys from developers. The plugins...
GPU cryptomining malware using ScreenConnect and SEO poisoning
Malware Activity
H score16
First: 28.05.2026 00:31
Last: 28.05.2026 00:31
Sources 1
About this happening:
A cryptojacking malware operation is spreading through SEO-poisoned download pages and, in some cases, AI chatbot recommendations, putting high-performance Windows s...
GPU cryptomining malware using ScreenConnect and SEO poisoning
Malware ActivityAbout this happening: A cryptojacking malware operation is spreading through SEO-poisoned download pages and, in some cases, AI chatbot recommendations, putting high-performance Windows s...
SHub Reaper macOS infostealer variant
Malware Activity
H score23
First: 19.05.2026 00:42
Last: 19.05.2026 00:42
Sources 1
About this happening:
The SHub Reaper macOS infostealer now uses AppleScript and a fake Apple security update lure to infect Macs, raising the risk of credential theft and remote access. It...
SHub Reaper macOS infostealer variant
Malware ActivityAbout this happening: The SHub Reaper macOS infostealer now uses AppleScript and a fake Apple security update lure to infect Macs, raising the risk of credential theft and remote access. It...
Timeline
-
04.06.2026 17:00 2 articles · 1mo ago
Microsoft DART warns that fake AI assistants are delivering malware
Initial DisclosureMicrosoft DART warned that cybercriminals are using a campaign dubbed JustAskJacky to trick users into downloading a fake AI assistant that is actually a Java backdoor. The malware is disguised with professional-looking interfaces and valid digital signatures, and it can establish persistence with a scheduled task that runs every four hours to maintain control and send telemetry. Microsoft also advised organizations to review nonstandard applications, remove AI tools with no business need, and treat unauthorized AI installers as suspicious.
Show sources
- Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns — www.infosecurity-magazine.com — 04.06.2026 17:00
- Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns — www.infosecurity-magazine.com — 04.06.2026 17:00