Binance Square
cyberattacks
Moon5labs

Hackers Begin Using AI to Spread Malware

Researchers from HP have discovered malware created using generative #artificialintelligence during the analysis of a suspicious email.

Generative AI Accelerates Malware Creation
The development of malware has become easier and faster thanks to generative AI. Malware developers can now use AI to speed up the process of writing code, leading to an increase in the number of #Attacks and allowing even less experienced individuals to develop harmful software.
A September report from HP’s Wolf Security team uncovered a new version of the AsyncRAT trojan, which is used to remotely control a victim’s computer. Researchers found this version while analyzing a suspicious email sent to one of their clients.

Malware Written with Artificial Intelligence
While the original AsyncRAT was developed by humans, this new version contained an injection technique that researchers believe was created using generative AI. Although AI has previously been used to create phishing lures, the report notes that there was little evidence of AI being used to write malicious code "in the wild" before this discovery.
One of the key indicators was that the code contained detailed comments explaining the function of each part. This is unusual for #Cybercriminals, who generally do not want others to understand how their malware works.

In-Depth Analysis of the Malware
Researchers initially encountered the suspicious email, which was sent to users of HP’s Sure Click threat containment software. The email appeared to be an invoice written in French, likely targeting French-speaking individuals. Initially, the contents of the file were difficult to determine because it was encrypted. However, after breaking the password, the hidden malware was revealed.
The #Malware consisted of a Visual Basic script that wrote data to the user’s registry, installed a JavaScript file, and launched PowerShell. This led to the installation of AsyncRAT malware on the device.

AsyncRAT Development and Its Risks
AsyncRAT, originally released on GitHub in 2019, is a remote management tool. Although its developers claim it is legitimate open-source software, it has been predominantly used by cybercriminals. It allows attackers to remotely control infected devices and can be used to steal sensitive data, such as private keys or phrases for cryptocurrency wallets, leading to potential financial losses.
Although AsyncRAT is not new, this variant uses a new injection method, which shows signs of having been created using generative AI. This indicates that the new technology is making it easier for attackers to carry out cyberattacks.

AI Increases the Threat of Cyberattacks
HP’s report highlights that generative artificial intelligence is accelerating #cyberattacks and lowering the barrier for cybercriminals to infect devices. Security researchers are still grappling with the effects of AI advancements on cybersecurity.
The risks associated with AI include its potential misuse to identify vulnerabilities in smart contracts, which could be exploited by both ethical and malicious hackers. In May 2023, Meta also warned that some malware creators are using fake versions of popular AI tools to lure victims.
Generative artificial intelligence is fundamentally changing the rules of cybersecurity and presents a new challenge in the fight against malware.

Notice:
"The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses."

 

Tracking and recovery of stolen crypto assets a top priority: Crypto exchange Wazir X

#wazirX #CryptoNewss #CryptoDawar #cyberattacks #CyberSafety

BENGALURU: Crypto exchange WazirX, in a virtual conference on Monday stressed that tracking and recovering stolen crypto assets is a top priority for the exchange.
WazirX, which is pursuing a restructuring of crypto balances which will take at least six months, filed a moratorium application in Singapore Court and as part of the restructuring, aims to engage with a white knight to provide capital and pursue partnerships and collaborations.
The cyberattack on July 18 resulted in a large volume of ERC-20 tokens being stolen. About Rs 2,000 crore worth of user funds were lost.
Last month, Google subsidiary Mandiant Solutions provided a clean chit to the crypto exchange, but digital assets security firm Liminal Custody questioned the scope and methodology of the audit.
When asked about it, Nischal Shetty, WazirX Founder and CEO, told TNIE: "It's just three laptops that we used for accessing the Liminal website. Our infrastructure was not impacted or involved in this process. We gave the entire laptop image and data to the forensic team, we have even provided this to the right authorities."
He added that there is nothing beyond the laptop image that exists with us since nothing else on our end was used for accessing the Liminal website except these three laptops.
George Gwee, director of restructuring at Kroll, and Jason Kardachi, MD of Kroll, also addressed the conference. Kroll is the financial advisor and, according to them, customers will receive returns of 55 per cent to 57 per cent of the funds. This means 43 per cent of the money would not be recoverable.
However, Shetty added that they are in the negotiation and the ideation stage. The exchange also has an ownership dispute with Binance. While Zanmai India operates WazirX, Zettai is Singapore-incorporated, and it has applied for a moratorium.
The exchange also explained that restructuring is not insolvency, liquidation or bankruptcy. It is a plan to distribute assets to users in a pro-rata, equitable way, and in crypto (not fiat); and it allows users who need liquidity urgently to withdraw crypto more quickly and not exit the restructuring.
Since Zanmai was not affected by the cyberattack, the platform reopened INR withdrawals up to a limit of 66 per cent. The remaining INR are frozen due to ongoing disputes and investigations by various Indian Law Enforcement Agencies, and will be made available for withdrawal as and when they are unfrozen, the crypto exchange informed.
EyeOnChain
Bearish
🚨 WazirX Experiences Massive Asset Transfer and Dumping 🚨

More than $230M of assets have been abnormally transferred from the #WazirX (@WazirXIndia) wallet to wallet "0x04b2". This wallet is actively dumping these assets.

Dumped so far: 640.27B $PEPE ($7.6M)

Offloading Address:👇
0x04b21735E93Fa3f8df70e2Da89e6922616891a88

Stolen Assets Include:
5.43T $SHIB ($102M)
15,298 $ETH ($52.5M)
20.5M $MATIC ($11.24M)
640.27B $PEPE ($7.6M)
5.79M $USDT
135M $GALA ($3.5M)
...

Please Note: The hacker is actively selling these assets!

Current Status:
$SHIB Sales: The exploiter has sold 35B $SHIB ($618K) and currently holds 5.4T $SHIB ($95.45M).

Stay vigilant and monitor transactions involving these assets!
🚨 Crypto Losses to #hacks Exceed $313M in August 🚨

Cryptocurrency hackers stole $313.86 million in digital assets across more than 10 #cyberattacks in August, raising significant doubts about the broader acceptance of the asset class.

The alarming figure highlights a growing trend of sophisticated #cybercrime targeting the crypto industry.

This wave of thefts has prompted renewed calls for stricter regulation and better security measures within the sector.

The recent hacks add pressure on #exchanges and custodians to bolster their defenses and protect user assets.

🌐Source: #Cointelegraph

Follow me to keep yourself updated ❗❕❗
Trump campaign says it was hacked, blames Iran ⚠WASHINGTON, Aug 10 - Donald #Trump's U.S. presidential campaign said on Saturday some of its internal communications were hacked and blamed the Iranian government, citing past hostilities between Trump and Iran without providing direct evidence. The Republican's campaign statement came shortly after news website Politico reported it had begun receiving emails in July from an anonymous source offering authentic documents from inside Trump's operation, including a report about running mate JD Vance's "potential vulnerabilities." "These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process," Trump campaign spokesperson Steven Cheung said in a statement. Late on Saturday, Trump posted on his Truth Social app that Microsoft (MSFT.O), opens new tab had just informed the campaign that Iran had hacked one of its websites. He cast blame on #Iran , adding they were "only able to get publicly available information." He did not elaborate further on the hack. Reuters has not independently verified the identity of the alleged hackers or their motivation. The Trump campaign referred to a Friday report from Microsoft researchers that said Iranian government-tied hackers tried breaking into the account of a "high-ranking official" on a U.S. presidential campaign in June. The hackers had taken over an account belonging to a former political advisor and then used it to target the official, the report said. That report did not provide further details on the targets' identities. A Microsoft spokesperson declined to name the targeted officials or provide additional details after the report was published. Iran's permanent mission to the United Nations in New York said in an email that "the Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election." 
"We do not accord any credence to such reports," it added in response to the Trump campaign's allegations. On Friday, in response to Microsoft's findings, Iran's U.N. mission told its cyber capabilities were "defensive and proportionate to the threats it faces," and that it had no plans to launch cyberattacks. The former president had tense relations with Iran while in office. Under Trump, the United States killed Iranian military commander Qassem Soleimani in 2020 and withdrew from a multilateral Iran nuclear deal. #MarketDownturn #Write2Earn! #cyberattacks

Trump campaign says it was hacked, blames Iran ⚠

WASHINGTON, Aug 10 - Donald #Trump's U.S. presidential campaign said on Saturday some of its internal communications were hacked and blamed the Iranian government, citing past hostilities between Trump and Iran without providing direct evidence.
The Republican's campaign statement came shortly after news website Politico reported it had begun receiving emails in July from an anonymous source offering authentic documents from inside Trump's operation, including a report about running mate JD Vance's "potential vulnerabilities."
"These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process," Trump campaign spokesperson Steven Cheung said in a statement.
Late on Saturday, Trump posted on his Truth Social app that Microsoft (MSFT.O) had just informed the campaign that Iran had hacked one of its websites. He cast blame on #Iran, adding they were "only able to get publicly available information." He did not elaborate further on the hack.
Reuters has not independently verified the identity of the alleged hackers or their motivation.
The Trump campaign referred to a Friday report from Microsoft researchers that said Iranian government-tied hackers tried breaking into the account of a "high-ranking official" on a U.S. presidential campaign in June. The hackers had taken over an account belonging to a former political advisor and then used it to target the official, the report said. That report did not provide further details on the targets' identities.
A Microsoft spokesperson declined to name the targeted officials or provide additional details after the report was published.
Iran's permanent mission to the United Nations in New York said in an email that "the Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election."
"We do not accord any credence to such reports," it added in response to the Trump campaign's allegations.
On Friday, in response to Microsoft's findings, Iran's U.N. mission said its cyber capabilities were "defensive and proportionate to the threats it faces," and that it had no plans to launch cyberattacks.
The former president had tense relations with Iran while in office. Under Trump, the United States killed Iranian military commander Qassem Soleimani in 2020 and withdrew from a multilateral Iran nuclear deal.

#MarketDownturn #Write2Earn! #cyberattacks