
Food for thought

Actual threats: Vectors of malware development

Wednesday, 11 March 2026

The rapid expansion of computer technologies has long been recognized as the natural order of things: over decades of progress, we've become accustomed to the geometric growth of device performance and software functionality, and the emergence of services for all of life's occasions; and we've embraced digital symbiosis, which has made our lives more convenient. But everything has a downside, and the field of information security has vividly demonstrated how new opportunities can also bring new threats. That's always been the case—from the emergence of the global network to the development of virtual metaverses.

Now the community's attention is focused on neural network algorithms and AI models, and their global impact on the industry and on information security principles in particular. The media is hyping up this "tectonic shift" in technology that is changing the rules of the game for everyone—developers, corporations, users, and, of course, attackers. Neural networks have acquired a dual nature: they are simultaneously viewed as a universal remedy and a digital "weapon of mass destruction". This discourse often carries a dangerous message: the average user may get the impression that everything is now out of their hands, that AI will protect them, and that the opposite, protecting oneself from AI, is impossible.

In today's issue of the Antivirus Times, we propose to discuss the most pressing threats in light of the "new realities," and at the same time, determine whether we are truly on the threshold of a new paradigm where humans are no longer in charge.

Old threats and new vectors

In one of our previous Antivirus Times issues, which was dedicated to the topic of using a PC that lacks antivirus protection, we already discussed the typical risks that the average user encounters. The truth is that, despite apparent technological progress, these well-known infection scenarios and methods remain relevant to this day. Malware of all types and modifications—from scripts to encryption ransomware—continues to thrive online, masquerading as legitimate or useful software. As before, most of these are trojans that users unknowingly launch themselves.

This approach worked 20 years ago, and it still works today, as virus writers consider it the most technically feasible way to gain an initial foothold in the Windows OS environment (with user carelessness factored in). Of course, built-in protection systems have been improved over the years. For example, Windows will not run an unsigned file without displaying the corresponding warning, and may even attempt to block execution. But who cares about these restrictions if they can be bypassed in only two clicks, and the user wants it to run "here and now"?

Unfortunately, the "simple" scenario described above doesn't just apply to random home devices. Serious attacks on the corporate sector also began in a similar manner. At the first stage, the attackers' main goal is always to exploit the entry point—the initial infection. After that, the trojan operates according to its intended functionality. Often, it serves as a loader for other, more complex modules that perform the main destructive actions, such as collecting, stealing, or destroying data.

In our issues, we often recommend downloading programs only from official sources. This important security rule is designed to minimize the risks described above. However, malware has other ways to infiltrate a device. Sometimes, attackers manage to compromise a software development company and, with a new update, introduce malicious code or a vulnerability into a legitimate, signed file. This method is called a "supply chain attack".

When such an incident becomes known, it receives widespread media coverage, and developers try to quickly remedy the situation. But even though this is a relatively rare occurrence, the very existence of this method means that there are risks associated with downloading official software. Strictly speaking, a valid digital signature does not guarantee that a file is completely safe and secure. It only verifies who signed that file and that it has not been altered since.

But let's return to the scenarios that users encounter daily. Virus writers strive to ensure that their malware not only operates effectively but also goes undetected. Modern modifications of miners are a striking example. They are distinguished by their silent mode, which makes them difficult to detect. Criminals have realized that to mine for a long time, they must not interfere with the user's daily work. Therefore, during the mining process, the program uses PC resources in a controlled manner and dynamically manages the load.

Currently, they are focused on mining Monero and other coins with a low barrier to entry that can bring in quick money. Infected devices form botnets—distributed computing networks that generate a profit for their creators. Such miners exist both as classic trojans and as malicious scripts on websites or browser extensions.

In recent years, under the influence of widespread digitalization, it is not so much the hacking methods that have changed, but the priorities of attackers. Nowadays, capturing a user's digital identity is far more valuable than controlling a single device. A good example is the widespread use of infostealer trojans. These malicious programs steal session cookies and credentials stored in the browser.

After obtaining them, an attacker can log into the victim's accounts from their own device, even bypassing two-factor authentication, since a stolen session cookie represents a login that has already passed that check; the result is loss of access to email, social media, and banking services. The significant danger isn't the hack of a single service, but the high risk of a cascading effect. Thus, a single compromised account (for example, a main email address) can give attackers access to a person's entire digital life—from government services to work-related corporate chats.

Furthermore, stolen user data often becomes a hot commodity on the Darknet, where it is resold for further blackmail or to prepare new attacks. It's worth noting that cybercriminals are pragmatists who always try to stay on top of the latest trends, so any new technology or communication channel instantly becomes their working tool. We are now in a period when they are actively combining traditional, proven malware distribution channels with new technical capabilities.

Phishing via email and instant messengers, fake websites with infected programs, network vulnerabilities, and weak device security—all of these will be exploited as long as they produce results.

Phishing 2.0 and neural networks

Phishing has always been a cornerstone of cybercrime since it is essentially based on simple deception. Deception is at the core of trojans, fake messages and websites, malicious mining, and digital extortion. Why should cybercriminals write complex code and use multi-module malware to cause infections when they can force the user to hand over the information they need "voluntarily"?

Modern technologies allow attackers to dramatically increase their chances for success. Phishing, in particular, has seen a quantum leap in recent years. Instead of sending banal spam randomly, scammers are increasingly using targeted tactics. The aforementioned neural networks, automation, and a combination of methods help them in this.

For example, if a phishing site or message previously often displayed numerous errors and sloppy execution, now AI effectively eliminates this drawback. Language models write texts in any language with perfect grammar, adhere to business etiquette, or imitate the style of a specific brand. The situation is complicated by deepfake technologies, which, at a fairly high level, imitate voices and create a desired video sequence with the image of an arbitrary person.

Finally, the key feature of spear phishing is its omnichannel nature: scammers don't limit themselves to email, but use multiple communication channels simultaneously in several stages. For example, they first send a message on a social network and then in a messenger, and finish with an "official" email, which already contains a malicious attachment or a fake authorization form for stealing data.

Because AI can quickly process huge amounts of data, the cybercriminals' task becomes significantly simpler and the deception more effective. Neural networks in the hands of criminals are not just "well-written texts". AI has become another powerful tool in the eternal struggle between cybercriminals and computer security specialists.

Nowadays, journalists often write about AI polymorphism—a technology that allows neural networks to rewrite malicious program code on the fly, making traditional signature analysis almost useless for detection. This is indeed true, but we will simply note that the technology of polymorphism itself has been known for over thirty years. Even at the dawn of mass virus writing, the developers of the Dr.Web antivirus successfully implemented decryption and emulation algorithms to combat this threat.

However, today, thanks to neural networks, polymorphism is experiencing a kind of rebirth. While the classical methods were limited to simple command shuffling or encryption, modern AI models are capable of completely rewriting program logic, making each new instance of a program unique in the context of analysis.

Thus, AI is being used to quantitatively improve the functionality of trojans: from automating vulnerability searches to expanding infection and camouflage capabilities. Why quantitative? The fact is that AI models are not yet capable of inventing fundamentally new attack methods or making decisions that go beyond the data in a training set. They act as an enormous reference book, doing the "dirty" work incredibly quickly and efficiently.

And here we arrive at the main trap of the widely circulated narrative, which endows neural networks with absolute power. In our opinion, the current virus situation means exactly the opposite: it is precisely the user who plays the primary role in ensuring security.

Ultimately, no matter how "smart" a virus or trojan may seem, it still needs a way to get into your system. AI can write a perfect email or reshuffle code beyond recognition, but it can't magically infect a system. We aren't standing at the threshold of a digital apocalypse, where humans are impotent against the power of neural networks; we've simply entered a phase where errors come at a higher cost and the methods of deception are more sophisticated.

Information security today isn't simply a battle of AI-powered software products, but a competition in vigilance. However, this has always been the case; only the means have changed. The best protection remains the same—it is a symbiosis of reliable antivirus software and critical thinking. Remember: technology only scales up threats, but the human factor still lies at the very core of them.

The Anti-virus Times recommends

Remember: technology only scales up threats, but the human factor is still at the very core of them. Your critical thinking and adherence to digital hygiene rules are the most reliable mechanisms you have that cannot be hacked.

  1. Implement the "Second Channel" principle.
    If a colleague, manager, or loved one asks you to perform a financial transaction or download an "important document" via a messenger, call them back on the phone. Voice and video on the Internet can be successfully simulated by neural networks, but a direct mobile phone call cannot yet be simulated, as long as the phone itself is not in the wrong hands.
  2. Stop storing passwords in your browser.
    Infostealers primarily target the default profile folders of popular browsers. We recommend that you use specialized password managers with encryption. Retrieving data from them is much more difficult than from a browser database.
  3. Don't trust the "padlock" in the address bar.
    The presence of the HTTPS protocol today only indicates that the connection is encrypted, not that the website is secure. Scammers widely use legitimate certificates for their phishing pages. Always check the domain name manually and look for other signs that the website is genuine.
  4. Enable two-factor authentication wherever possible.
    Despite the abundance of threats, this method remains one of the most accessible and effective security measures.
  5. Follow the update schedule.
    AI algorithms find software vulnerabilities faster than people. Regularly updating your operating system and critical software isn't a developer's whim, but the only way to patch vulnerabilities that could compromise your system.
  6. Do not trust "official" emails.
    Never enter data on websites by following a link from an email or SMS. If you receive a notification from a bank, close the email and access the website through the official app or by manually entering the address in the browser bar.
  7. Continue using a reliable, comprehensive antivirus application.
    The modern digital world is so full of threats that some of the "technical" work needs to be delegated to trusted software. But remember: you are the one at the helm of your security.
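Items 3 and 6 above tell the reader to check the domain name rather than trust the padlock or an emailed link. As an added illustration, not part of the original article or of any Dr.Web product, the following Python check deliberately ignores HTTPS and judges a URL by its registrable domain, flagging the usual tricks: the brand name as a subdomain of another domain, the brand name in the path, hyphenated lookalikes, and punycode (homoglyph) domains. The brand "examplebank", its expected hosts and the tiny suffix list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: the hosts a user actually expects for a brand.
# Hypothetical values; in practice this is the user's own bookmark list.
EXPECTED_HOSTS = {"examplebank": {"examplebank.com", "online.examplebank.com"}}

# Toy stand-in for the Public Suffix List, just enough for this example.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "com.br"}


def registrable_domain(host: str) -> str:
    """Return the part of the host somebody had to register (toy PSL logic)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def assess_url(url: str, brand: str) -> dict:
    """Decide whether a URL really belongs to the expected brand, and why not.

    HTTPS is deliberately not counted as evidence of legitimacy; the verdict
    rests on the registrable domain, which is what the user is told to check.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme == "https":
        reasons.append("https only proves the connection is encrypted")
    try:
        host = host.encode("idna").decode("ascii")  # Unicode labels -> xn--
    except UnicodeError:
        reasons.append("host name could not be IDNA-encoded")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode label (possible homoglyph of a real domain)")
    reg = registrable_domain(host) if host else ""
    if reg in {registrable_domain(h) for h in EXPECTED_HOSTS[brand]}:
        return {"host": host, "legitimate": True, "reasons": reasons}
    # The brand name anywhere except the registrable domain is the classic
    # phishing pattern: a subdomain, the path, or a hyphenated lookalike.
    if brand in host and brand not in reg:
        reasons.append("brand name is a subdomain of an unrelated domain")
    elif brand in parts.path.lower():
        reasons.append("brand name appears only in the URL path")
    elif re.search(rf"{brand}[-_]|[-_]{brand}", reg):
        reasons.append("hyphenated lookalike of the brand domain")
    reasons.append(f"registrable domain is '{reg}', not an expected one")
    return {"host": host, "legitimate": False, "reasons": reasons}
```

A real deployment would replace the toy suffix set with the full Public Suffix List; the point is that a site can pass every TLS check and still fail this one.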
