AI is being exploited by cybercriminals to create more sophisticated malware, posing a new challenge to global cybersecurity.
HP's Wolf Security team discovered a new variant of AsyncRAT, a type of asynchronous remote access malware, in a suspicious email sent to customers in September 2024. Notably, the infection method of this variant appears to be developed using generative artificial intelligence (GenAI).
This is one of the rare examples of hackers using AI to write malware, and it shows how the technology is increasingly being used by cybercriminals. Researchers have previously found AI-generated phishing websites, but using AI to write malware is a worrying step forward.
The email contained the malware, disguised as a French invoice, targeting French speakers. The team initially had difficulty determining the function of the attachment because the code was encrypted and required a password to decrypt it. After successfully decrypting it, they discovered the AsyncRAT malware hidden inside.
Technical analysis shows that the malware contains a complex series of scripts that eventually lead to the installation of AsyncRAT on the victim's device. Notably, the malware has several features that indicate it was developed by AI, such as comments explaining the functionality of the code and unusual code structure.
Code snippets containing statements believed to be generated by AI. Source: HP Wolf Security AsyncRAT and the threat of AI-generated malware
According to the developer of the Blackberry cybersecurity software, AsyncRAT is a software released via GitHub in 2019. The software is promoted as a legitimate open-source remote administration tool. However, it is mostly used by cybercriminals.
AsyncRAT allows attackers to remotely control infected devices, potentially stealing cryptocurrency users' private keys or recovery phrases, leading to asset loss.
The new variant of AsyncRAT uses a new injection method, and researchers found clear signs of GenAI-generated code. This suggests that AI technology is making it easier than ever for malware developers to carry out attacks.
Infection chain leading to AsynRAT. Source: HP Wolf Security
“This activity shows that GenAI is accelerating attacks and lowering the barrier for cybercriminals to infect endpoints,” HP’s report notes.
Earlier in December 2023, some ChatGPT users discovered that they could use the tool to find vulnerabilities in smart contracts. In May 2023, Meta also warned about cybercriminals creating fake versions of popular GenAI programs to scam users.