Attack diagram | Image: TrendMicro
Security researchers at Trend Micro have uncovered a sophisticated phishing campaign that turns the burgeoning popularity of AI tools against unsuspecting employees. On April 9, 2026, the TrendAI Managed Services Team identified an attack that abused the storage and sharing features of Kuse.ai, a legitimate AI “agentic coworker” platform.
The attack utilized a high-trust method known as Vendor Email Compromise (VEC). By hijacking a mailbox from a trusted partner, attackers sent “specifically crafted phishing emails that leveraged the existing relationship level between the two organizations”.
Because the email originated from a known contact, internal security filters and human intuition were bypassed, leading employees to forward the malicious message to relevant users for processing.
The core of the deception lived on the app[.]kuse[.]ai domain. Attackers abused the platform’s markdown note feature to host a fraudulent document.
Researchers noted several clever evasion tactics:
- The Markdown Maneuver: The use of the .md extension is less common in phishing than PDFs or Word docs, allowing it to bypass heuristic rules and filter signatures.
- Legitimate Domain Spoofing: The URLs mimicked official documents using the compromised vendor’s name, further confusing both users and automated scanners.
- Visual Lures: When opened, the page displayed a “blurred document preview” to entice the user into clicking a link, ostensibly to view the full content.
As the report explains, “Threat actors executed a phishing attack that utilized a fake URL and image manipulation… an application’s good reputation does not guarantee the trustworthiness of its content.”
Once a user clicked the call-to-action, such as “HAZ CLIC AQUÍ PARA VER EL DOCUMENTO” (“Click here to view the document”), they were not shown a document. Instead, they were redirected to a fake Microsoft login page designed to harvest corporate credentials.
The abuse of Kuse.ai follows a worrying pattern of weaponizing reputable platforms, like GitHub or established file-sharing services, to circumvent security controls. Trend Micro emphasizes that organizations must strengthen security training to remind employees that “an application’s good reputation does not guarantee the trustworthiness of its content”.
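The three URL traits the researchers list (a reputable hosting domain, a .md document, and the vendor's name in the link) can be checked during mail triage. The sketch below is an added example, not Trend Micro's detection logic; the watch list, vendor names, URL paths and sample email are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumptions: watch list, vendor names and the sample email are constructed.
HOSTING_PLATFORMS = {"app.kuse.ai"}   # user-content host named in the report
VENDOR_NAMES = {"acme logistics"}     # hypothetical entries from your vendor list
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def refang(text):
    """Undo common defanging (hxxp, [.], (.)) so URLs can be parsed."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return re.sub(r"\[\.\]|\(\.\)", ".", text)

def normalise(s):
    """Lower-case and collapse separators so 'Acme_Logistics' matches 'acme logistics'."""
    return re.sub(r"[\W_]+", " ", unquote(s).lower()).strip()

def triage_url(url):
    """Return the reasons a URL matches the pattern described in the report."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in HOSTING_PLATFORMS:
        return []  # only user content on watched platforms is in scope
    reasons = [f"user content on reputable platform {host}"]
    if unquote(parts.path).lower().rstrip("/").endswith(".md"):
        reasons.append("markdown (.md) document link")
    flat = normalise(parts.path + " " + parts.query)
    for vendor in sorted(VENDOR_NAMES):
        if normalise(vendor) in flat:
            reasons.append(f"vendor name in URL: {vendor}")
    return reasons

def triage_email(body):
    """Map each flagged URL in an email body to its list of reasons."""
    findings = {}
    for match in URL_RE.findall(refang(body)):
        url = match.rstrip(".,;")
        reasons = triage_url(url)
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample message; the URL paths are invented for illustration.
SAMPLE = """Please review the shared invoice:
hxxps://app[.]kuse[.]ai/notes/Acme_Logistics-Invoice-0426.md
Our portal remains https://portal.example.com/login ."""

if __name__ == "__main__":
    for url, reasons in triage_email(SAMPLE).items():
        print(url, "->", "; ".join(reasons))
```

A URL that collects all three reasons is a candidate for quarantine or analyst review even when the sender is a known partner, since the campaign relied on a compromised vendor mailbox.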