China’s main cyber-security centre has warned users of malicious AI agent “skills”, or extensions, that aim to install and run crypto-mining software on users’ systems, as experts warn that attackers are exploiting interest in new AI technologies to deploy phishing campaigns.
The National Computer Network Emergency Response Coordination Centre (CNCERT) said malicious providers are offering AI capability extensions, also known as skills, that aim to trick AI agents into downloading, installing and running resource-intensive crypto-mining tools on a user’s local system.
Fraudsters are also in some cases tricking users into running mining software themselves to generate “privacy-focused” tokens, CNCERT said on WeChat.
Malicious extensions
Third-party skills packages are also being offered that bypass model guard rails to generate prohibited content or crypto-mining functions, both of which are illegal in mainland China and could lead to legal consequences for those who voluntarily deploy them, CNCERT warned.
Users could also have accounts suspended or have their data hacked by such tools, in addition to potentially large utility bills and reduced device performance, the watchdog said.
CNCERT said enterprises should establish whitelists for approved AI skills and conduct reviews before deploying third-party components.
AI agents such as Manus, Coze, Dify and Flowith encourage third-party developers to offer skills packages for their platforms, but the companies exert little oversight over the extensions.
Phishing lures
JailBreakBench found that malicious prompt injections and compromised skills were achieving high success rates in bypassing safety controls, including on major US platforms such as Anthropic and OpenAI.
Microsoft Security said in a report this week that hackers have been using the enthusiasm around new AI technologies as bait for sophisticated phishing attacks, including one launched hours after the release of DeepSeek’s V4 model, in which an authentic-looking GitHub repository was used to deploy malicious archives.
Hackers also deployed phishing campaigns around the brands of OpenAI’s ChatGPT and Anthropic’s Claude, Microsoft said.
