AI-Generated Malware Emerges in Targeted Cyber Attacks

Published on September 25, 2024
Written by:
Lore Apostol
Infosec Writer & Editor

Cybercriminals are advancing their tactics by deploying AI-generated malware in targeted attacks, notably against users in France. Recent reports reveal that generative artificial intelligence (AI) technology, while beneficial, is being harnessed by malicious actors to create sophisticated and convincing threats.

Researchers discovered that generative AI services were likely used to craft the malicious code in an email campaign delivering the publicly available remote access trojan AsyncRAT. The campaign utilized HTML smuggling to distribute a password-protected ZIP archive containing harmful scripts.
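A defender can triage HTML attachments for the delivery pattern described above by looking for an embedded base64 blob that decodes to a ZIP archive and checking whether its first entry is encrypted. The following is an added example, not code from the article or the HP report; the function names, the extension list and the sample HTML are constructed for illustration.

```python
import base64
import binascii
import re
import struct

# "PK\x03\x04" (ZIP local file header magic) always base64-encodes to "UEsDB".
ZIP_B64 = re.compile(r"UEsDB[A-Za-z0-9+/]{35,}={0,2}")
LFH = struct.Struct("<4sHHHHHIIIHH")  # fixed 30-byte local file header
SCRIPT_EXT = (".vbs", ".js", ".wsf", ".ps1", ".bat")  # assumed triage list


def scan_html(html):
    """Return one finding per base64 blob in `html` that decodes to a ZIP."""
    findings = []
    for m in ZIP_B64.finditer(html):
        blob = m.group(0)
        blob = blob[: len(blob) // 4 * 4]  # keep whole base64 quanta only
        try:
            raw = base64.b64decode(blob)
        except binascii.Error:
            continue
        if len(raw) < LFH.size or raw[:4] != b"PK\x03\x04":
            continue
        _sig, _ver, flags, _m, _t, _d, _crc, _cs, _us, name_len, _x = LFH.unpack_from(raw)
        # Entry names usually stay readable even when the data is encrypted.
        name = raw[LFH.size:LFH.size + name_len].decode("utf-8", "replace")
        findings.append({
            "offset": m.start(),
            "first_entry": name,
            "encrypted": bool(flags & 0x0001),  # general-purpose flag bit 0
            "script_entry": name.lower().endswith(SCRIPT_EXT),
        })
    return findings


def constructed_sample():
    """Constructed, inert HTML: only a ZIP header with the encrypted bit set."""
    name = b"sample.vbs"
    hdr = LFH.pack(b"PK\x03\x04", 20, 0x0001, 0, 0, 0, 0, 12, 0, len(name), 0)
    blob = base64.b64encode(hdr + name + b"\x00" * 12).decode()
    return f'<html><body><script>var d = "{blob}";</script></body></html>'


if __name__ == "__main__":
    for finding in scan_html(constructed_sample()):
        print(finding)
```

An HTML file that carries an encrypted archive whose first entry is a script is a strong signal for quarantine, since a mail gateway cannot inspect the encrypted contents.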

Evidence pointing to AI-generated code includes well-structured scripts, comprehensive comments explaining each line, and the use of native language for function names and variables. These traits are uncommon in human-developed malware, whose authors typically try to obscure how their code works.

[Image: AI Created Malware. Image Source: HP]

The AsyncRAT malware enables remote monitoring and control, logging keystrokes and providing encrypted connections to compromised machines. This allows attackers to deploy additional payloads, increasing the threat level.

According to HP Wolf Security's Q2 2024 'Threat Insights' report, there is a notable rise in less technically skilled cybercriminals utilizing AI to develop malware. This trend is accelerating the production of malware customized for different regions and platforms (Linux, macOS).

Archives were identified as the most popular delivery method for malware in the first half of the year, highlighting a shift in distribution tactics. The integration of AI in crafting malware signifies an escalation in cyber threats, potentially lowering the barrier to entry for less skilled threat actors.

Scammers also used generative AI tools, which enable them to work in many languages with proper grammar when sending malware-ridden messages. One example is the phishing campaigns on the travel website Booking.com, where crooks sent messages to hosts and even created fake properties.


