AI-Generated Malware Has Been Discovered and It Could Change Cybersecurity as We Know It

In the evolving world of cybersecurity, we’ve known for some time that AI could be leveraged to create malicious software. But recent developments have signaled that the future of AI-generated malware may be closer than we think. HP recently intercepted an email campaign that delivered a standard malware payload through an AI-generated dropper, marking a significant shift in cybercrime tactics.

A New Kind of Threat Found in AI Malware Development

The discovery took place in June 2024 when HP’s security team came across a phishing email that featured a typical invoice-themed lure. The attachment was an encrypted HTML file, an instance of HTML smuggling, a technique designed to evade detection. While HTML smuggling is nothing new, this case had an interesting twist. Typically, cybercriminals would send a pre-encrypted file, but this time, the attackers included the AES decryption key directly within the JavaScript code of the attachment. This oddity prompted further investigation.

Upon decrypting the attachment, HP's researchers found that it appeared to be a normal website, but concealed within it were a VBScript and the notorious AsyncRAT infostealer. The VBScript acted as a dropper, deploying the infostealer payload, modifying the system registry, and running JavaScript as a scheduled task. A PowerShell script then executed, completing the deployment of AsyncRAT.
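For defenders, the notable trait of this attachment, ciphertext shipped together with its own AES key in the page's JavaScript, can be checked statically before the file is ever opened. The following Python triage check is an added example, not code from HP or from the original article; the indicator patterns, the function and class names, and both sample pages are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Indicator patterns are assumptions chosen for illustration, not values from the HP sample.
DECRYPT_API = re.compile(r"crypto\.subtle\.decrypt|CryptoJS\.AES\.decrypt", re.I)
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")  # long encoded payload
# Quoted literal sized like an AES key: 16/24/32 bytes as hex or base64.
KEY_LITERAL = re.compile(
    r"""["'](?:[0-9a-fA-F]{32}|[0-9a-fA-F]{48}|[0-9a-fA-F]{64}"""
    r"""|[A-Za-z0-9+/]{22}==|[A-Za-z0-9+/]{32}|[A-Za-z0-9+/]{43}=)["']""")

class ScriptExtractor(HTMLParser):
    """Collects the text of every <script> element, ignoring markup and attributes."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def triage_html_attachment(html):
    parser = ScriptExtractor()
    parser.feed(html)
    parser.close()
    js = "\n".join(parser.scripts)
    found = {"decrypt_api": bool(DECRYPT_API.search(js)),
             "embedded_key": bool(KEY_LITERAL.search(js)),
             "encoded_blob": bool(B64_BLOB.search(js))}
    # Trait from the article: the ciphertext and its AES key travel in the same file.
    found["self_decrypting"] = all(found.values())
    return found

# Constructed samples (not real malware): a self-decrypting page and a benign one.
SUSPICIOUS = """<html><body><h1>Invoice</h1><script>
var key = "00112233445566778899aabbccddeeff";
var data = "%s";
var page = CryptoJS.AES.decrypt(data, key);
</script></body></html>""" % ("QUJD" * 60)
BENIGN = """<html><body><img src="data:image/png;base64,%s">
<script>console.log("loaded");</script></body></html>""" % ("QUJD" * 60)
```

Only script text is inspected, so the benign page's inline base64 image does not count as an encoded payload; a real mail-gateway rule would treat `self_decrypting` as one signal among several rather than a verdict.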

While much of this process is familiar, one key detail stood out: the VBScript was unusually well-structured and contained comments—an uncommon practice in malware development. Even more surprising, the script was written in French. These factors led HP researchers to believe that the dropper wasn't crafted by a human, but rather generated by AI.

The Role of AI in Lowering the Barrier for Cybercriminals

To test their theory, HP’s team used their own AI tools to replicate the VBScript. The resulting script bore a striking resemblance to the one used in the attack. While this isn’t definitive proof, the researchers are confident that AI was involved in the malware’s creation. But the mystery deepens: why wasn’t the malware obfuscated? Why were the comments left in the code?

One possible explanation is that the attacker was a newcomer to the world of cybercrime. AI-generated malware might be lowering the entry barriers for would-be hackers by making tools like VBScript generation accessible to individuals with minimal technical skills. In this case, AsyncRAT, the primary payload, is freely available, and techniques like HTML smuggling don’t require extensive coding knowledge.

Alex Holland, a principal threat researcher at HP, pointed out that this attack required very few resources. There was no complex infrastructure aside from a single command-and-control (C&C) server to manage the stolen data. The malware itself was basic and lacked the usual obfuscation seen in more sophisticated attacks. In short, this may have been the work of an inexperienced hacker leveraging AI to do the heavy lifting.

The Future of AI-Generated Malware

This discovery raises another alarming possibility. If an inexperienced attacker could leave clues pointing to AI-generated scripts, what could more seasoned adversaries be achieving with similar tools? Experienced cybercriminals would likely remove all traces of AI involvement, making detection far more difficult, if not impossible.

“We’ve long anticipated that AI could be used to generate malware,” said Holland. “But this is one of the first real-world examples we've seen. It’s another step toward the future, where AI-generated malware will become more advanced and widespread.”

As AI technology continues to advance rapidly, the timeline for fully autonomous AI-generated malware is shrinking. While it's hard to predict the exact timeline, experts like Holland believe it could happen within the next couple of years. The AI threat isn’t looming on the horizon—it’s already here.

Preparing for the Next Wave of Cyber Threats

As the lines between human and AI-generated malware blur, the cybersecurity landscape is set to become even more challenging. While this incident serves as a warning, it’s also a glimpse into the future where AI will play a bigger role in cyberattacks. Security professionals must stay vigilant, continually adapting their defenses to counter these emerging threats.

With AI-generated malware making its first appearance in the wild, it's not far-fetched to imagine a time when more sophisticated, AI-powered attacks become the norm. As Holland ominously suggests, we might already be saying, “They’re here already! You’re next! You’re next!”