Cybercriminals are increasingly turning to generative AI tools to create sophisticated malware, making it easier for attackers with minimal technical skills to develop and deploy complex cyber threats. In a recent incident, HP Wolf Security discovered a phishing campaign targeting French users, which used AI-generated code to deliver malicious software. The attack employed HTML smuggling techniques to distribute a password-protected ZIP archive containing harmful scripts. Notably, the code was meticulously commented, with an explanation for each line, a characteristic typical of AI-written code that provides further evidence of the involvement of generative AI services in creating the malware.
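A defender-side check for the delivery stage described above, as an added example that is not taken from HP's report or from the campaign: it scans the text of an HTML attachment for script-built download markers and for base64 strings that decode to a ZIP whose first entry is flagged as encrypted. The marker list, the function names and the sample attachment are assumptions constructed for illustration.

```python
import base64
import re
import struct

# Markers of script-built downloads; this list is an assumption of the example.
SCRIPT_MARKERS = ("new Blob", "createObjectURL", "msSaveOrOpenBlob", ".download")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
ZIP_LOCAL_HEADER = b"PK\x03\x04"


def zip_first_entry(data):
    """Return (filename, encrypted) from the first ZIP local file header, or None."""
    if len(data) < 30 or not data.startswith(ZIP_LOCAL_HEADER):
        return None
    flags, = struct.unpack_from("<H", data, 6)
    name_len, = struct.unpack_from("<H", data, 26)
    name = data[30:30 + name_len].decode("utf-8", "replace")
    return name, bool(flags & 0x0001)  # general-purpose bit 0: entry is encrypted


def scan_html(html):
    """Collect smuggling indicators from the text of one HTML attachment."""
    markers = [m for m in SCRIPT_MARKERS if m in html]
    archives = []
    for run in B64_RUN.findall(html):
        body = run.rstrip("=")
        try:
            data = base64.b64decode(body + "=" * (-len(body) % 4))
        except ValueError:  # not valid base64 after all
            continue
        entry = zip_first_entry(data)
        if entry:
            archives.append(entry)
    return {"markers": markers, "archives": archives}


def is_suspicious(findings):
    """Flag attachments that build a download in script and embed an encrypted ZIP."""
    return bool(findings["markers"]) and any(enc for _, enc in findings["archives"])


def constructed_sample():
    """Constructed test input: inert script text plus a bare encrypted-flag ZIP header."""
    name = b"sample.vbs"
    header = struct.pack("<4sHHHHHIIIHH", ZIP_LOCAL_HEADER, 20, 1, 0, 0, 0, 0, 0, 0, len(name), 0)
    blob = base64.b64encode(header + name).decode()
    return f'<script>var d="{blob}";var b=new Blob([d]);a.download="doc.zip";</script>'
```

A payload that is split, re-encoded or assembled at run time will not appear as one contiguous base64 run, so a hit is a triage signal for mail or web gateways and a miss is not a clean verdict.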
The campaign’s malicious payload included VBScript and JavaScript that established persistence on the victim’s machine by creating scheduled tasks and manipulating the Windows Registry. After breaching the system, the attackers deployed AsyncRAT, a widely available remote access trojan capable of logging keystrokes, monitoring user activity, and executing further malicious actions. The structured nature of the code, extensive commenting, and the use of native language for function names strongly suggest that AI played a significant role in its development.
HP’s report highlights how the accessibility of AI tools is lowering the barrier for cybercriminals, allowing even those with limited programming skills to craft malware rapidly. This trend poses a growing threat as AI can generate code in minutes, enabling attackers to create customized malware for different regions and platforms, including Linux and macOS. Even if hackers are not using AI to build fully functional malware, they are leveraging it to streamline and enhance their existing capabilities, making attacks more efficient and difficult to detect.
The increasing use of AI in cyberattacks underscores the urgent need for advanced cybersecurity measures to keep pace with evolving threats. As generative AI tools become more prevalent, the risk of misuse grows, with lower-level threat actors now able to produce highly effective malware with minimal effort. This shift demands a proactive approach to cybersecurity, emphasizing the development of AI-driven defense mechanisms and rigorous monitoring to counteract the emerging wave of AI-assisted attacks.