AutoHotkey Malware

By GoldSparrow in Malware

AutoHotkey-based malware is malware written in AutoHotkey (AHK), an open source scripting language for Windows that was first developed in 2003. The scripting engine eventually became an important part of the Windows scripting ecosystem. AHK not only remaps keyboard shortcuts but can also interact with files, programs, tasks, and third-party programs, and automate a wide variety of operations. Its syntax is easy to learn and does not require advanced technical skills. As a result, attackers have developed AutoHotkey-based malware to carry out a variety of attacks.

How the Criminals Use the AutoHotkey-Based Malware

For a long time, AHK was used to create tools for cheating in online games. Attackers have since adapted AHK to create malware that carries out a variety of online tactics and malware attacks. Initial reports of AutoHotkey-based malware involved samples used to distribute digital currency miners, which use the resources of the victim's computer to mine digital currency. In February 2019, malware analysts also observed a clipboard hijacker, a program designed to take over the victim's clipboard so that victims carry out digital currency operations with the criminals' wallets instead of their own. Another variant of the AutoHotkey-based malware is a fake version of a known anti-virus program. Throughout 2019, PC security researchers have been uncovering new examples of AutoHotkey-based malware day by day. This is because criminals often recycle the code in these threats, making only minor changes to create new malware, mainly keyloggers, Trojan droppers and digital currency miners.

The AutoHotkey-Based Malware Can Be Surprisingly Complex

Even though AHK is relatively easy to deploy, PC security researchers have observed remarkably complex malware and tactics associated with AutoHotkey-based malware. This malware is not especially advanced or hard to detect, but the complexity of these threats is growing exponentially. Gradually, the criminals behind it are learning how to use AHK to carry out increasingly complex attacks. One example is the use of obfuscation functions that are harder to disentangle than those in previous iterations of the AutoHotkey-based malware. As a programming language, AHK still seems inferior to modern scripting languages like PowerShell, VBScript, and Python, but it is more advanced than BAT. The malware developers that use AHK are definitely not among the most technically advanced. Regardless, it is clear that AHK has significant potential for the creation of malware, particularly because it is open source. It is also important to note that, because AHK started as a scripting tool to bind keys, it lends itself specifically to malware designed to log keystrokes and spy on computer users, collecting passwords and other information.

Mitigating the Effects of the AutoHotkey-Based Malware

One aspect of the AutoHotkey-based malware that gives it an advantage is that the appearance of these threats is a relatively recent development in 2019. This means that there are still not as many tools to study and mitigate these attacks as there are for other types of malware. As with other types of malware, criminals and attackers will take advantage of this window to release an increasing number of these attacks. For the moment, as with most malware threats, the best protection against the AutoHotkey-based malware is to use a reliable security program that is fully up to date, and to be aware of common malware distribution methods and techniques to avoid becoming a victim of an attack.
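
As an added example (not part of the original article or of any security product), the following Python sketch triages plain-text .ahk scripts for the behaviors the article names: clipboard hijacking, keylogging and dropping. The AHK command names are real built-ins; the rule grouping, function names and sample scripts are assumptions constructed for illustration.

```python
import re

# A family is reported only when EVERY group has at least one match, so a
# script that merely reads the clipboard or merely runs a program is not flagged.
# The AHK command names are real; the grouping is this example's assumption.
RULES = {
    "clipboard_hijacker": [
        [r"\bOnClipboardChange\b"],               # reacts to clipboard changes
        [r"^\s*Clipboard\s*:?="],                 # overwrites clipboard contents
    ],
    "keylogger": [
        [r"\bInputHook\s*\(", r"^\s*Input\s*,",   # captures keystrokes
         r"#InstallKeybdHook", r"GetAsyncKeyState"],
        [r"\bFileAppend\b", r"WinHttpRequest"],   # stores or sends what was captured
    ],
    "dropper": [
        [r"\bUrlDownloadToFile\b", r"\bFileInstall\b"],  # fetches or unpacks a file
        [r"^\s*Run(Wait)?\b"],                           # then launches something
    ],
}

def strip_comments(src):
    """Remove AHK block comments and ';' comments so inert text cannot match."""
    src = re.sub(r"(?ms)^\s*/\*.*?^\s*\*/", "", src)
    return re.sub(r"(?m)(^|[ \t]);.*$", "", src)

def classify(src):
    """Return the families whose rule groups all match (AHK is case-insensitive)."""
    text = strip_comments(src)
    return [family for family, groups in RULES.items()
            if all(any(re.search(p, text, re.I | re.M) for p in group)
                   for group in groups)]

# Constructed, non-functional fragments used only to exercise the rules.
SAMPLE_HIJACK = "#Persistent\nOnClipboardChange:\n  Clipboard := wallet  ; constructed fragment\nreturn\n"
SAMPLE_DROPPER = "UrlDownloadToFile, %url%, %A_Temp%\\payload.bin\nRun, %A_Temp%\\payload.bin\n"
SAMPLE_BENIGN = "; remap CapsLock\nCapsLock::Ctrl\n^!c::\n  saved := Clipboard\n  Run, notepad.exe\nreturn\n"
SAMPLE_COMMENTED = "; UrlDownloadToFile, %url%, x.exe\nRun, calc.exe\n"

if __name__ == "__main__":
    for name in ("SAMPLE_HIJACK", "SAMPLE_DROPPER", "SAMPLE_BENIGN", "SAMPLE_COMMENTED"):
        print(name, classify(globals()[name]))
```

Because the article notes that obfuscation in these scripts is getting harder to disentangle, string matching of this kind is a first-pass triage aid and will miss scripts that build command names at run time.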
