Researchers from HP have discovered malware created using generative #artificialintelligence during the analysis of a suspicious email.

Generative AI Accelerates Malware Creation

The development of malware has become easier and faster thanks to generative AI. Malware developers can now use AI to speed up the process of writing code, leading to an increase in the number of #Attacks and allowing even less experienced individuals to develop harmful software.

A September report from HP’s Wolf Security team uncovered a new version of the AsyncRAT trojan, which is used to remotely control a victim’s computer. Researchers found this version while analyzing a suspicious email sent to one of their clients.

Malware Written with Artificial Intelligence

While the original AsyncRAT was developed by humans, this new version contained an injection technique that researchers believe was created using generative AI. Although AI has previously been used to create phishing lures, the report notes that there was little evidence of AI being used to write malicious code "in the wild" before this discovery.

One of the key indicators was that the code contained detailed comments explaining the function of each part. This is unusual for #Cybercriminals , who generally do not want others to understand how their malware works.

Code excerpt containing alleged AI-generated statements. Source: HP Wolf Security

In-Depth Analysis of the Malware

Researchers initially encountered the suspicious email, which was sent to users of HP’s Sure Click threat containment software. The email appeared to be an invoice written in French, likely targeting French-speaking individuals. Initially, the contents of the file were difficult to determine because it was encrypted. However, after breaking the password, the hidden malware was revealed.

The #Malware consisted of a Visual Basic script that wrote data to the user’s registry, installed a JavaScript file, and launched Powershell. This led to the installation of AsyncRAT malware on the device.

Infection chain leading to AsynRAT. Source: HP Wolf Security

AsyncRAT Development and Its Risks

AsyncRAT, originally released on GitHub in 2019, is a remote management tool. Although its developers claim it is a legitimate open-source software, it has been predominantly used by cybercriminals. It allows attackers to remotely control infected devices and can be used to steal sensitive data, such as private keys or phrases for cryptocurrency wallets, leading to potential financial losses.

Although AsyncRAT is not new, this variant uses a new injection method, which shows signs of having been created using generative AI. This indicates that the new technology is making it easier for attackers to carry out cyberattacks.

AI Increases the Threat of Cyberattacks

HP’s report highlights that generative artificial intelligence is accelerating #cyberattacks and lowering the barrier for cybercriminals to infect devices. Security researchers are still grappling with the effects of AI advancements on cybersecurity.

The risks associated with AI include its potential misuse to identify vulnerabilities in smart contracts, which could be exploited by both ethical and malicious hackers. In May 2023, Meta also warned that some malware creators are using fake versions of popular AI tools to lure victims.

Generative artificial intelligence is fundamentally changing the rules of cybersecurity and presents a new challenge in the fight against malware.

Notice:

,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“