GREYVIBE Hackers Leverage ChatGPT and Google Gemini to Fuel Cyberattacks

GREYVIBE is an emergent threat actor active since at least August 2025 that targets Ukrainian government, military, and civilian sectors using spear-phishing, fake CAPTCHA pages, and deceptive websites to deliver modular malware (PhantomRelay RAT, LegionRelay, FallSpy Android spyware). The group systematically leverages generative AI (ChatGPT, Google Gemini, Ideogram) to author phishing lures, obfuscators, and malware components—accelerating development and complicating attribution—while operational errors have exposed some backend functionality allowing researchers limited visibility into the actor's activity.