AI writes viruses: France has fallen victim to the new reality of cyber attacks

Hackers are using AI to create malicious code, changing the paradigm of cybersecurity.

In June, experts from HP discovered a phishing campaign aimed at users in France, which used AI to create malicious code. The main goal of the attack was to spread AsyncRAT. The researchers reported their findings in a threat report for the second quarter of 2024.

The attack used the HTML Smuggling method, a technique in which password-protected archives were transmitted through HTML documents. The attackers injected VBScript and JavaScript into the archives, which performed malicious actions on the infected system. Experts cracked the password and found code structured the way generative AI usually structures its output. All of the code was provided with comments explaining in detail how it worked, which is rare for hand-written malware.

[Image: Comments in VBScript code]

HP emphasizes that such comments in the code and the use of natural language for function names and variables are indicators that the code may have been generated by AI. The analysis showed that the VBScript created tasks in the Windows scheduler and made changes to the system registry to maintain its presence.

The next stage of the attack was to download and execute AsyncRAT, an open-source malware that grants the hacker remote access to the infected system, allowing them to intercept keystrokes and execute additional malicious commands. The HP report also notes that this type of archive has become the most popular way to deliver malware in the first half of 2024.

Another notable example of malware that operates in web browsers is ChromeLoader. The program hijacks the victim's browser session and redirects requests to sites controlled by the attackers. In the second quarter of 2024, ChromeLoader's distribution campaigns became larger and more carefully planned. The malware was distributed through advertisements leading to sites with PDF converters. Production applications hid malicious code in MSI files, and the use of valid digital signature certificates helped bypass Windows security mechanisms, increasing the chances of a successful attack.

In the course of research on attacks in the second quarter, experts also identified a campaign in which SVG files were used to distribute malware. This format is widely used in graphic design and supports many functions, including scripts. Cybercriminals took advantage of the opportunity to inject malicious JavaScript scripts into images, which led to attempts to infect victims' devices with various infostealers.

The use of generative AI greatly simplifies the development of malicious code, allowing less experienced attackers to create sophisticated attacks in a matter of minutes. Such technologies help not only speed up the process of creating malware, but also customize it for specific purposes, whether it is Linux or macOS platforms, or specific regions. Even if AI is not used to create full-fledged malware, it plays a key role in the development of advanced threats that are becoming more sophisticated every day.

Source
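
A defender-side check for the SVG technique described above, as an added example that is not part of the original post or of HP's report: it parses an SVG file and reports script elements, event-handler attributes and script URLs. The function name `scan_svg`, the tag list and the sample documents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# URL schemes that run script when an href/src is followed (heuristic list).
SCRIPT_URL = re.compile(r"^\s*(javascript:|vbscript:|data:text/html)", re.I)
# Elements that carry or embed active content (assumed list, extend as needed).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes):
    """Return (kind, detail) findings for active content in an SVG document."""
    # Refuse DTDs before parsing: images do not need them, and they enable
    # entity-expansion attacks against the XML parser itself.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return [("dtd", "document type declaration present")]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [("malformed", str(exc))]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(("element", tag))
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):          # onload, onclick, ...
                findings.append(("handler", f"{tag}@{name}"))
            elif name in ("href", "src") and SCRIPT_URL.match(value):
                findings.append(("script-url", f"{tag}@{name}"))
    return findings

# Constructed samples: inert placeholders, not taken from any real campaign.
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4" fill="red"/></svg>'
SCRIPTED = (b'<svg xmlns="http://www.w3.org/2000/svg" '
            b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
            b'<script>/* placeholder */</script>'
            b'<a xlink:href="javascript:void(0)"><rect width="1" height="1"/></a></svg>')
WITH_DTD = b'<!DOCTYPE svg [<!ENTITY a "b">]><svg/>'

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("scripted", SCRIPTED), ("dtd", WITH_DTD)):
        print(label, scan_svg(doc))
```

A mail or web gateway can use the result to quarantine or strip any SVG with a non-empty findings list, since ordinary images need none of these constructs.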