Cybersecurity is facing an unprecedented surge in sophistication as AI-driven phishing and disinformation campaigns scale globally. With AI-powered attacks on Android devices rising 1,200 percent and mobile cybercrime causing €442 billion in damages in the first quarter of 2026, authorities are shifting toward high-visibility public warning systems to protect citizens.
How are intelligence agencies using public screens to fight cybercrime?
The Bremen Verfassungsschutz has launched a unique cooperation with the media company Ströer to reach the public where they live and travel. By utilizing large digital advertising screens at major traffic hubs and bus stops, the agency can issue direct warnings about current digital threats.
This first-of-its-kind partnership in Germany aims to build resilience against both cyber threats and disinformation. The initial campaign focuses on a phishing wave that authorities have attributed to foreign intelligence services. These attackers often pose as trusted entities, such as technical support teams for messaging services, to manipulate users into surrendering passwords or personal data.
If you receive an urgent message claiming a security breach on a service like Signal or WhatsApp, do not click any links provided in the message. Instead, open the official app directly or visit the service’s official website to check your account status.
Why are AI-powered scams becoming so difficult to detect?
The integration of artificial intelligence into criminal workflows has caused a massive spike in attack volumes. While global cybercrime losses recently grew by 26 percent to approximately €19.2 billion, the scale of mobile-specific attacks is even more alarming. In the first quarter of 2026 alone, mobile cybercrime resulted in €442 billion in damages.
Criminals are no longer relying solely on poorly written emails. They are now using highly personalized strategies via messaging apps, often fueled by stolen datasets. This evolution is clearly visible in the statistics: AI-supported phishing attacks on Android devices have increased by 1,200 percent over the last two years.
Newer, specialized methods are also emerging. “Quishing”—the use of manipulated QR codes to conduct phishing—has surged by 150 percent, reaching roughly 18 million cases. Furthermore, attackers are increasingly using AI-cloned voices of bank employees and screen-overlay Trojans to bypass traditional security measures.
Comparing the growth of cyber threats
- Global Cybercrime Losses: Increased by 26%
- Quishing (QR Phishing): Increased by 150%
- AI-Phishing on Android: Increased by 1,200%
“Quishing” involves criminals replacing legitimate QR codes in public spaces with malicious ones. When scanned, these codes can lead you to fake login pages designed to steal your credentials.
What risks do software and social media platforms face?
The technical infrastructure that powers the modern world is under constant pressure. A self-replicating worm known as “Miasma” recently compromised 73 Microsoft GitHub repositories, specifically targeting services for Azure Functions. The worm’s primary goal is to steal cloud access credentials for major platforms like AWS and GCP.
Software vulnerabilities are also a major entry point. The Bundesamt für Sicherheit in der Informationstechnik (BSI) recently issued a high-risk warning (CVSS 8.8) for Google Chrome and Microsoft Edge, citing over 200 identified vulnerabilities. Simultaneously, Russian hacking groups, such as UAC-0001 (APT28), are reportedly exploiting Microsoft Office vulnerabilities to target government networks in the EU and Ukraine.
On social media, the Brandenburg Verfassungsschutz has warned about the rise of AI-generated profiles. These fake accounts, sometimes appearing as ordinary citizens on platforms like X, are used to spread extremist messages and radicalize users. In response to these evolving threats, OpenAI has implemented a special lockdown mode for users handling sensitive data to defend against prompt-injection attacks.
How will new regulations and politics respond to these threats?
As digital threats move into the political sphere, lawmakers are debating stricter controls. Stephan Kramer, President of the Thuringian Verfassungsschutz, has called for a review of security practices within the Bundestag. He highlighted the risks of intelligence exploitation following a trip by an AfD member to a forum in St. Petersburg, noting that many officials currently lack formal security clearances.
In Brandenburg, Interior Minister Jan Redmann has proposed a social media ban for young people to mitigate the impact of AI-driven disinformation. On a broader scale, the EU AI Act is scheduled to come into force in August 2026, which will establish a mandatory legal framework for the use of artificial intelligence across the continent.
Legal precedents are also shifting. The Federal Court of Justice (BGH) recently ruled that data from the crypto-platform Anom is admissible as evidence, even when the exact methods of its acquisition by the FBI are unclear. At the same time, courts have reminded bank customers that they may be held liable for losses if they are found to be grossly negligent when falling victim to phishing attacks.
Frequently Asked Questions
What is Quishing?
Quishing is a form of phishing that uses manipulated QR codes to trick users into visiting malicious websites or downloading malware.
When does the EU AI Act take effect?
The EU AI Act is expected to come into force in August 2026.
How much damage did mobile cybercrime cause in early 2026?
Mobile cybercrime caused an estimated €442 billion in damages during the first quarter of 2026.
What is the “Miasma” worm?
Miasma is a self-replicating worm that targets GitHub repositories to steal cloud access credentials for platforms like AWS and GCP.
Stay Informed:
Cybersecurity threats evolve every day. To ensure you are protected against the latest AI-driven scams, subscribe to our newsletter or explore our other deep dives into digital security.
