Hackers use generative AI for malware

Generative AI Malware

In a concerning development, cybersecurity researchers have discovered the first known instance of AI-generated malware being used in a real-world attack. The malicious code, believed to have been created with generative AI technology, was found in an email campaign targeting French users. The attack used a technique known as HTML smuggling to deliver a password-protected ZIP archive containing VBScript and JavaScript code.

After brute-forcing the password, researchers analyzed the code and found that the attacker had meticulously commented the entire script, a practice rarely seen in human-developed malware, since threat actors typically aim to conceal a sample's functionality. Patrick Schlapfer, a principal threat researcher at HP, noted that the way the AES decryption key was implemented in JavaScript inside the attachment was unusual and prompted further investigation. On closer examination, the researchers found that the decrypted attachment opened to what appeared to be a website but in fact delivered the freely available AsyncRAT infostealer.

The VBScript, acting as the dropper for the infostealer payload, established persistence on the infected machine by creating scheduled tasks and writing new keys to the Windows Registry. The researchers hypothesized that the script had been generated by AI because of its neat structure, comprehensive commenting, and use of French, an uncommon choice for malware authors.
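The two persistence behaviours described above, a script host creating a scheduled task and writing an autorun registry value, are exactly the kind of telemetry a defender can alert on regardless of who or what wrote the script. The following is an added example, not code from the article or from HP: it runs a small detection rule over constructed event records shaped like Windows Security event 4698 (scheduled task created) and Sysmon event 13 (registry value set). The process paths, task names, SID and file names are made up for the example.

```python
import re

# Script hosts that execute VBScript / JScript files on Windows.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# File extensions handled by those hosts.
SCRIPT_EXT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b", re.IGNORECASE)

# Well-known per-user and per-machine autorun locations (Run / RunOnce).
AUTORUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Constructed sample telemetry (hypothetical values, not real IoCs).
SAMPLE_EVENTS = [
    # 1) scheduled task created by wscript.exe that re-launches a .vbs file
    {"event_id": 4698, "process": r"C:\Windows\System32\wscript.exe",
     "task_name": r"\UpdateCheck",
     "command": r"wscript.exe C:\Users\alice\AppData\Roaming\loader.vbs"},
    # 2) autorun value written by wscript.exe pointing at the same script
    {"event_id": 13, "process": r"C:\Windows\System32\wscript.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"wscript.exe C:\Users\alice\AppData\Roaming\loader.vbs"},
    # 3) benign: OS component creating a Windows Update task
    {"event_id": 4698, "process": r"C:\Windows\System32\svchost.exe",
     "task_name": r"\Microsoft\Windows\WindowsUpdate\Scheduled Start",
     "command": r"%systemroot%\system32\sc.exe start wuauserv"},
    # 4) benign: installer writing its own version key, not an autorun location
    {"event_id": 13, "process": r"C:\Program Files\ExampleApp\setup.exe",
     "target": r"HKLM\SOFTWARE\ExampleApp\Version", "details": "1.2.0"},
]


def _basename(win_path):
    """Return the lower-cased file name of a Windows path (works on any OS)."""
    return win_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _references_script(text):
    """True if a command line or registry value invokes a script host or script file."""
    lowered = text.lower()
    return any(host in lowered for host in SCRIPT_HOSTS) or bool(SCRIPT_EXT_RE.search(text))


def classify(event):
    """Return a short reason string if the event looks like script-based persistence, else None."""
    creator_is_script_host = _basename(event.get("process", "")) in SCRIPT_HOSTS

    if event.get("event_id") == 4698:
        # Scheduled task created by a script host, or whose action runs a script file.
        if creator_is_script_host or _references_script(event.get("command", "")):
            return "scheduled task created for script execution"

    if event.get("event_id") == 13:
        # Autorun registry value written by a script host or pointing at a script file.
        if AUTORUN_KEY_RE.search(event.get("target", "")) and (
            creator_is_script_host or _references_script(event.get("details", ""))
        ):
            return "autorun registry value set for script execution"

    return None


def detect(events):
    """Run the rule over a list of events; return (index, reason) for every hit."""
    hits = []
    for idx, event in enumerate(events):
        reason = classify(event)
        if reason:
            hits.append((idx, reason))
    return hits


if __name__ == "__main__":
    for idx, reason in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

The rule deliberately keys on the combination of a script host and a persistence location rather than on any signature of the sample itself, so it is indifferent to whether the dropper was written by a person or generated by a model; the two benign records show that ordinary task creation and registry writes do not trigger it.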

First AI-generated malware attack discovered

Alex Holland, co-lead principal threat researcher at HP, emphasized that the attack required minimal resources: the payload was freely available, and the only infrastructure was a single command-and-control server. The malware itself was basic and not obfuscated, suggesting that the attacker may be a newcomer making use of generative AI. The findings raise concerns that more sophisticated adversaries could leverage AI in their attacks, possibly in a more covert manner.

As generative AI technology continues to evolve rapidly, experts anticipate the emergence of new AI-generated malware payloads within the next few years, signaling a significant shift in the cybersecurity landscape. Cybercriminals with lower technical skills are increasingly turning to generative AI to develop malware, as the technology lets them write malicious code in minutes and customize it for attacks on various regions and platforms. Even when AI is not used to build fully functional malware, attackers rely on it to speed up their work when creating more advanced threats.

The discovery of AI-generated malware in the wild serves as a wake-up call for the cybersecurity community, highlighting the need for proactive measures to detect and defend against this emerging threat. As the battle between cybercriminals and security professionals continues to evolve, the role of AI in both attack and defense strategies is set to become increasingly prominent.