GenAI powers new wave of cyber attacks with AsyncRAT

September 27, 2024
Tags: GenAI, Generative Artificial Intelligence, Remote Access Trojan, RAT, Phishing Attacks

Recent studies reveal that threat actors are using generative artificial intelligence (GenAI) to write harmful code. This campaign is one of the earliest known instances of attackers utilising GenAI to spread AsyncRAT, an open-source remote access trojan (RAT) that permits remote control of compromised systems.

Security researchers discovered this campaign after investigating a suspicious email that appeared in June, masquerading as a French invoice. The email contained an attachment crafted to distribute AsyncRAT. The attackers employed GenAI to generate both VBScript and JavaScript code for the operation, highlighting a concerning evolution in cybercriminals’ tactics.


In typical scenarios, malware developers employ obfuscation techniques to conceal their code, but this GenAI campaign demonstrated a different approach.


The malicious scripts exhibited no signs of obfuscation and included extensive comments detailing the function of each code line. This level of clarity is rarely seen in malware development, where the goal is often to complicate analysis and detection.

The attack commenced with an HTML file from the email attachment, which prompted the recipient for a password upon opening. Initially thought to be an HTML-smuggling attack, further investigation revealed that the payload was encrypted directly within the JavaScript using the Advanced Encryption Standard (AES). After successfully brute-forcing the password, the researchers discovered a VBScript file that initiated a series of actions leading to the deployment of AsyncRAT. The VBScript wrote key variables to the Windows Registry, which were later read by a PowerShell script that injected the malware into a legitimate process to execute the final payload.
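The delivery stage described above has a recognisable static shape: a password prompt, an AES decryption call in the page's own JavaScript, a large base64 blob and a client-side download of a script file. The following Python is an added triage example, not code from the original article or from the researchers who analysed the campaign; the HTML sample is constructed (its "payload" is placeholder text, not real malware) and the indicator names, weights and the comment-density metric are the author's own assumptions, not a published detection rule.

```python
"""Static triage of an HTML e-mail attachment for a password-gated,
AES-in-JavaScript dropper pattern. Added example; the sample below is
constructed and benign (the encrypted "payload" is placeholder text)."""
import base64
import re

# Constructed sample mimicking the described attachment: a French invoice
# lure, a password prompt, a CryptoJS-style AES decrypt call and a large
# base64 blob that is turned into a downloadable .vbs file.
_FAKE_BLOB = base64.b64encode(b"PLACEHOLDER " * 300).decode()
SAMPLE_HTML = """<html><body>
<p>Facture - veuillez saisir le mot de passe</p>
<script>
// ask the recipient for the password
var pw = prompt("Mot de passe");
var enc = "__ENC__";
var dec = CryptoJS.AES.decrypt(enc, pw).toString(CryptoJS.enc.Utf8);
var blob = new Blob([dec], {type: "application/octet-stream"});
var a = document.createElement("a"); a.href = URL.createObjectURL(blob);
a.download = "facture.vbs"; a.click();
</script></body></html>""".replace("__ENC__", _FAKE_BLOB)

# Hypothetical indicator set (assumption): each regex captures one building
# block of the pattern; none of them alone is malicious.
INDICATORS = {
    "password_prompt": re.compile(r"\bprompt\s*\(", re.I),
    "aes_decrypt": re.compile(r"AES\s*\.\s*decrypt|decrypt\s*\(", re.I),
    "blob_download": re.compile(r"new\s+Blob\s*\(|createObjectURL|\.download\s*=", re.I),
    "script_dropper": re.compile(
        r"\.download\s*=\s*[\"'][^\"']+\.(vbs|js|hta|ps1)[\"']", re.I),
}
# A run of 256+ base64 characters is treated as an embedded blob.
BLOB_RE = re.compile(r"[A-Za-z0-9+/]{256,}={0,2}")
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)


def comment_ratio(html: str) -> float:
    """Share of non-empty script lines that are comments. The article notes
    the campaign's scripts were unusually well commented; this metric is an
    informational signal only, not a verdict on its own."""
    lines = [ln.strip() for body in SCRIPT_RE.findall(html)
             for ln in body.splitlines() if ln.strip()]
    if not lines:
        return 0.0
    comments = sum(1 for ln in lines if ln.startswith(("//", "/*", "*")))
    return comments / len(lines)


def triage_html(html: str) -> dict:
    """Return indicator hits, blob size, comment ratio and a verdict.
    'suspicious' requires the full chain (prompt + AES decrypt + blob);
    'review' flags partial matches for an analyst to look at."""
    hits = {name: bool(rx.search(html)) for name, rx in INDICATORS.items()}
    blobs = BLOB_RE.findall(html)
    hits["large_b64_blob"] = bool(blobs)
    score = sum(hits.values())
    if hits["password_prompt"] and hits["aes_decrypt"] and hits["large_b64_blob"]:
        verdict = "suspicious"
    elif score >= 2:
        verdict = "review"
    else:
        verdict = "clean"
    return {
        "indicators": hits,
        "blob_bytes": sum(len(b) for b in blobs),
        "comment_ratio": comment_ratio(html),
        "score": score,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_HTML),
                       ("benign", "<html><body><p>Hello</p></body></html>")):
        print(label, triage_html(doc))
```

Because the payload is decrypted in the recipient's browser, network-level inspection never sees the cleartext script; a mail gateway or sandbox has to look at the HTML itself, which is why the check runs on the raw attachment. The verdict only becomes "suspicious" when the prompt, the decrypt call and the embedded blob all co-occur, so ordinary pages that merely use a password field are not flagged.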

This campaign illustrates how quickly attackers are adapting their strategies by incorporating GenAI into their toolkits. By leveraging AI-generated code, cybercriminals can produce sophisticated malware with minimal programming skills, thereby lowering the barriers to entry for potential attackers.

Although there are considerable risks associated with the use of GenAI in cybercrime, there are also opportunities for defenders. Security professionals recommend the application of GenAI tools in defence mechanisms because they help organisations recognise patterns of harmful activity, find unauthorised access, and foresee security issues.

In order to effectively battle these evolving threats, organisations must incorporate AI-driven solutions into their cybersecurity strategy as hackers continue to adapt their techniques.
