Kaspersky, a cybersecurity firm, has identified a new phishing technique that exploits popular AI-powered and no-code web development platforms to steal corporate login credentials, highlighting the evolving tactics cybercriminals use to bypass traditional security controls.

According to Kaspersky researchers, attackers are increasingly turning legitimate web application development services into tools for phishing campaigns.

The latest incidents involve the abuse of platforms that enable users to create and host web applications with little or no coding expertise. By leveraging trusted cloud infrastructure and reputable domains, cybercriminals are making fraudulent websites appear legitimate to both users and security systems.

In one campaign, attackers used a no-code application-building platform to create intermediary web applications that redirected victims to fake login pages designed to harvest credentials. Because the malicious applications were hosted on trusted domains, they were more likely to evade security filters and gain the confidence of unsuspecting users.

Kaspersky also observed a similar trend involving Tencent EdgeOne Pages, an AI-assisted web application hosting service.

Attackers reportedly used the platform to generate phishing pages within minutes and distributed emails masquerading as messages from corporate IT support teams. Recipients were warned that their account credentials were about to expire and were urged to update their details through a linked webpage.

Once victims entered their usernames and passwords, the information was transmitted directly to servers controlled by the attackers, giving them potential access to corporate resources and sensitive business data.

Roman Dedenok, Anti-Spam Expert at Kaspersky, said, “The growing misuse of AI and no-code platforms is lowering the technical barriers for cybercriminals.”

He noted that infrastructure that previously required web development expertise can now be created rapidly, allowing attackers to launch phishing operations at scale.

The company warned that these techniques could become increasingly common within phishing-as-a-service (PhaaS) ecosystems, where ready-made tools enable criminals to conduct sophisticated attacks, including credential theft and attempts to bypass multi-factor authentication.

Kaspersky advised organisations to strengthen employee awareness programmes, ensure that credentials are entered only on verified company platforms, deploy advanced email security systems, and stay informed about emerging phishing tactics.

The discovery comes amid growing concerns about the use of artificial intelligence in cybercrime, as AI-powered tools make phishing campaigns more convincing, scalable, and difficult to detect.

Folake Balogun is a tech journalist covering Africa’s fast-growing digital economy with a strong focus on incisive analysis of startup trends, venture capital, and fintech innovation, while also exploring emerging technologies such as artificial intelligence and the future of connectivity by highlighting their economic and social impact.
