🤖 AI Summary
Current phishing defenses overlook the emerging threat of large language model (LLM)-enhanced social engineering, particularly in multi-stage, cross-modal attacks. Method: This work identifies and systematically analyzes a novel composite phishing attack, LLM-driven Quishing combined with Browser-in-the-Browser (BiTB), in which Google Gemini is leveraged through malicious prompt engineering to dynamically generate deceptive QR codes; these are then embedded via frontend iframe injection to overlay spoofed interfaces seamlessly within legitimate browser windows. Contribution/Results: We construct a fully reproducible attack chain demonstrating high user deception rates under realistic conditions. This study expands the phishing threat landscape by introducing the first empirically validated instance of LLMs being weaponized at the human-computer interaction layer for real-time, context-aware social engineering. The findings provide critical insights for designing next-generation anti-phishing mechanisms resilient to LLM-augmented, multi-vector threats.
📝 Abstract
Cybercriminals constantly devise new, effective approaches to exploit individuals. This article presents an innovative attack, QR-based Browser-in-The-Browser (BiTB), that uses the capabilities of a Large Language Model (LLM), namely Google Gemini. The presented attack is a fusion of two emerging attacks: BiTB and Quishing (QR code phishing). Our study underscores how simply the attack can be implemented using malicious prompts supplied to the Gemini LLM. Moreover, we present a case study highlighting a lucrative attack method, and we performed an experiment to understand how the attack executes on a victim's device. The findings of this work call for contributions from researchers in confronting this type of LLM-enabled phishing attempt.