ESET, a global cybersecurity solutions firm, highlighted that Malaysia is entering a new era of artificial intelligence (AI) powered social engineering.

The firm said in a statement on Tuesday that criminal groups are now using AI to produce highly convincing communications, manipulate trusted digital environments,
and influence user behavior in ways that traditional phishing tools never achieved.

It is noted that AI has now embedded itself into the anatomy of modern scams.

Messages no longer arrive with broken English or generic requests.

The communication feels personalized and precise, matching corporate tone, local slang, and emotional triggers engineered to prompt quick action.

Compounding this shift is the environment AI now operates in.

AI systems themselves are increasingly polluted by a mix of misinformation and intentionally crafted fake content.

This polluted ecosystem provides attackers with endless material to weaponize, making it harder for users to recognize when something is fabricated, distorted, or malicious.

ESET telemetry reflects how these trends are taking root in Malaysia.

In the six months from December 2024 to May 2025, phishing attacks accounted for roughly 37 percent of all threats detected in Malaysia, making it the most prominent category.

Other threat types appeared in far smaller volumes. Infostealers, information-stealing malware, has also risen to become to become a major driver of phishing and identity theft.

Formbook, a well-known threat designed to steal a wide variety of sensitive data, is also present in Malaysia and represented about 26 percent of all detected infostealers, surpassing multiple other families and reinforcing its status as the leading tool used to harvest
credentials across the country.

More telling than the categories are the delivery mechanisms.

Scripts and executable files now make up more than three quarters of all email threats in Malaysia, far exceeding malicious Office documents.

This shift aligns with global patterns, where attackers increasingly rely on AI assisted automation to scale
their campaigns.

According to the statement, five AI enabled methods are now shaping the threat landscape: voice cloning for highly convincing impersonation; AI crafted messages mirroring organizational and local writing styles; Chatbot interference through poisoned prompts or injected instructions; browser level manipulation that guides behavior without malicious links; contextual personalization built from public digital footprints.

“AI was supposed to make information clearer, but today it is increasingly polluted by misinformation and deliberately crafted fakes,

“That polluted ecosystem is now feeding the next wave of
cyberattacks. Threats are moving faster, adapting quicker, and sounding more human than ever，” its Senior Research Fellow Righard Zwienenberg said.

According to him, in Malaysia, phishing and infostealing remain dominant, but the real shift is in how AI accelerates and reshapes these attacks.

“The goal is no longer to trick someone into clicking a link, it is to influence their judgement in a moment of urgency or trust,

“As long as people overshare and systems remain underdefended, attackers will continue to exploit that gap,” he added.

The statement also highlighted that techniques once limited to more digitally mature markets are now appearing locally.

These included high fidelity voice impersonation for financial and operational instructions; manipulated chatbot interactions targeting AI powered service channels; browser based influence operations operating within legitimate webpages; virtual reality (VR), augmented reality (AR) and wearable device exploitation through malicious embedded URLs; scams built around Malaysia’s high reliance on mobile and AI assisted communication.

It is noted that with 99.5 percent of households owning mobile phones, and 96.8 percent with internet access, Malaysia presents a wide digital surface for attackers to exploit.

Behavioral trends amplify this exposure. People worry about privacy yet overshare more than ever, especially on social platforms and messaging apps.

Coupled with the country’s strong FOMO driven culture, social engineering techniques thrive.

These behaviors continue to fuel ransomware cases, credential theft, and scam-related financial losses.

For consumers, ESET highlighted the best defense remains a mix of awareness and the right tools.

Besides, as cybercriminals rely on human error, it noted reducing that gap is key.

As Malaysia strengthens its cyber defense posture through NACSA, CyberSecurity Malaysia, and the upcoming Malaysia Cyber Security Strategy 2025–2030, ESET opined that the country faces a rapidly shifting threat landscape shaped by AI.

It emphasized the importance of continuous research, evidence-based guidance, and proactive security tools to help Malaysians stay ahead of emerging risks.

InsiderSecurity, CyberSecurity Malaysia team up to bolster Malaysia’s cyber resilience