Recently, Microsoft issued a stern warning to Windows and Mac users to refrain from using the Quick Assist app on their PCs and devices. Per the company's own report, bad actors are leveraging AI tricks to gain unauthorized remote access, and by extension, steal personal information and various credentials (via Forbes).
Ever since generative AI burst into the world, the technology has gained broad adoption across medicine, education, entertainment, and computing. And while it has proven to be an invaluable resource, there are critical security and privacy concerns as "hackers" harness the tech.
For context, Quick Assist works on Windows or macOS devices for remote access to devices. "Tech support scammers often pretend to be legitimate IT support from well-known companies and use social engineering tactics to gain the trust of their targets," added Microsoft.
"They then attempt to employ tools like Quick Assist to connect to the target’s device.”
Microsoft says the broad availability of AI is "making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate." It further detailed how attackers are camouflaging their illicit attacks with AI and masquerading them to unsuspecting users as "tech support," making it even more difficult to decipher the real deal from scams for inexperienced users.
The sophisticated attacks include "scareware", which often leverages popups or images mimicking a faulty device notification requiring immediate action. Interestingly, the Federal Bureau of Investigation (FBI) indicated that in most cases, unsolicited tech support calls are often linked to scams and fraud.
Microsoft and Google have confirmed that they'll never reach out to their clients directly to inform them about a fault and request help to fix it. “Legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals,” the FBI added.
To that end, users are encouraged to avoid installing apps that grant remote access to their devices. If they do, it's paramount to initiate a support call through publicly available channels or directly from the OS installed on their device, and stick to trusted internal remote access apps like Remote Help within their companies.
While the report confirmed that Quick Assist hasn't been compromised by these sophisticated AI ploys, abuse of software by bad actors places Microsoft in a tough spot with areas of risk that it's currently trying to mitigate.
