How Google blocked first known AI-driven cyberattack targeting 2FA systems
What's the story
Google's Threat Intelligence Group has detected the first known case of an AI-driven attack. The hackers attempted to bypass two-factor authentication (2FA) systems used by many consumer apps, including those from banks and e-commerce platforms. However, Google's proactive counter-discovery successfully thwarted the large-scale attack before it could take place.
Attack details
Hackers used Python script to bypass 2FA
The hackers used a Python script to bypass 2FA, but Google clarified that its Gemini AI tool was not involved. The script contained educational docstrings and followed a structured format typical of LLMs' training data. In light of this threat, Google has released a report detailing how AI is being used in cyber attacks.
AI utilization
AI now aids all stages of an attack
The report highlights that threat actors are using AI to enhance various stages of an attack. This includes aiding the development of exploits and malware, enabling autonomous command execution, facilitating targeted reconnaissance, and improving social engineering operations. Tarun Wig, Co-founder & CEO of Innefu Labs, said this is new territory where criminals have used AI to discover and build exploits before anyone else spotted them.
Vulnerability discovery
Attack targeted the 2FA process
Wig explained that the attack targeted the 2FA process on a widely used server administration tool. The AI discovered a flaw in how the developer had written the logic, something traditional security scanners would never flag. Google also noted that AI-enabled malware like PROMPTSPY marks a shift toward autonomous attack orchestration, where models interpret system states to dynamically generate commands and manipulate victim environments.
Malware impact
Android malware PROMPTSPY poses major threat for Indian consumers
Wig also revealed the discovery of a separate Android malware called PROMPTSPY. This malicious software monitors your phone activity, learns your PIN or unlock pattern, and is designed to resist deletion. Given that 90% of smartphones sold in India run on Android, this poses a major cybersecurity threat to Indian consumers.
Phishing threats
How to protect yourself from such attacks?
Wig also warned that AI now helps attackers write highly personalized phishing messages. These are much harder to spot than generic scams. To stay safe, he suggested users should not delay software updates, avoid SMS OTPs where possible, check accessibility permissions in Android settings for unknown apps, be suspicious of overly personalized messages, and use different passwords across platforms.