ESET Threat Report H1 2026: first Android malware using generative AI at runtime, ClickFix detections more than double, record QR-phishing, 100+ EDR-killers
ESET's semi-annual threat-landscape report (telemetry December 2025–May 2026) flags four developments a Tier 2/3 team should track (ESET / WeLiveSecurity, 2026-07-08; ESET press release, 2026-07-08).
First, ESET analysed roughly 900,000 "AI skills" — small functional components used by AI agents — and found tens of thousands suspicious and thousands outright malicious, an expanding attack surface in the emerging agentic-AI ecosystem. Second, it identified PromptSpy, described as the first known Android malware to use generative AI (specifically Google's Gemini) inside its own execution flow to interpret UI elements and adapt behaviour across devices at runtime rather than relying on hardcoded logic — following the first AI-powered ransomware disclosed in 2025 (ESET, 2026-07-08). Third, ClickFix (the fake-error social-engineering technique) has expanded beyond fake CAPTCHA prompts into AI-themed help pages, browser extensions and cloud-authentication scenarios, with ESET detections more than doubling between H2 2025 and H1 2026. Fourth, QR-code phishing ("quishing") reached record levels, with roughly 11% of all ESET-detected phishing emails in H1 2026 using QR codes to move victim interaction onto mobile devices and evade cursory inspection. Ransomware activity continued unabated with over 100 distinct EDR-killer tools now catalogued by ESET, though a declining share of victims are reportedly paying.
ESET researchers identified PromptSpy, the first known Android malware to use generative AI in its execution flow
ESET detections of this vector more than doubled between H2 2025 and H1 2026
ESET Research has documented over 100 EDR killers used in the wild, with new variants appearing regularly
Defender actions
- Prioritise EDR-killer detection (driver/process-tampering telemetry, protected-process-light violations) over signature-based ransomware-binary detection, given 100+ catalogued killer tools.
- Treat QR codes in email bodies as first-class phishing indicators requiring the same scrutiny as embedded URLs, and add 'AI help page' / browser-extension-install ClickFix lures to user-awareness material alongside the fake-CAPTCHA variant.
AI-generated · no human review · this permalink is the shareable record for the finding · verify operationally critical claims against the linked primary source.