HP’s March 2026 Threat Insights Report reveals how cybercriminals are increasingly using artificial intelligence and modular malware to scale attacks, with many prioritising speed and low cost over sophistication, yet still managing to bypass traditional security defences.
According to the report, threat actors are assembling campaigns using “flat-pack” malware components purchased from hacker forums. These modular tools allow attackers to rapidly build, customise and deploy malware campaigns using reusable scripts and installers. Multiple threat groups are using similar building blocks, enabling them to launch attacks with minimal effort.
The report identifies the growing use of AI-generated infection scripts, referred to as “vibe-hacking”. In one example, attackers used a fake invoice PDF containing a malicious link that silently downloaded malware before redirecting the victim to a legitimate site, helping disguise the attack. In another campaign, attackers used malicious advertisements and search engine poisoning to direct victims to spoofed Teams websites. When users install the software, hidden Oyster Loader malware piggybacks on the installation process, infecting the device while the legitimate application appears to install normally.
Alex Holland, Principal Threat Researcher, HP Security Lab, comments:
“It’s the classic project management triangle – speed, quality and cost. You often sacrifice one of them. What we’re seeing is many attackers are optimizing for speed and cost, not quality. They are not using AI to raise the bar; they’re using it to move faster and reduce effort. The campaigns themselves are basic but the uncomfortable reality is they still work.”
