Skip to main content

Tag: ai generated malware

5 articles

Rows of computer equipment racks and monitors in a server room, with a blank laptop screen in the foreground.

AI-Generated Malware Targets Active Directory Environments

Criminals are now leveraging AI to create malicious software, as seen in a recent case where an attacker used an AI-assisted PowerShell script to infiltrate an Active Directory environment. This emerging threat, dubbed "vibe coding," allows attackers to generate software by simply prompting a large language model in plain language.

Analyst 207
Laboratory setting with computer workstations, coding terminals, and testing equipment.

Threat Actor Leverages AI to Craft EDR Evasion Tools

Sophos X-Ops stumbled upon a secret laboratory while investigating a routine endpoint alert, uncovering a trove of AI-powered tools designed to sneak past modern EDR agents. The surprising discovery revealed a sophisticated operation using partly AI-generated Python scripts to craft evasive tools.

Analyst 207
Cluttered computer terminal room with cables and equipment, laptop in center, faint GitHub logo on blurred screen.

AI-Generated Malware Exposes Operator's GitHub Token

A malicious npm package, disguised as a harmless sync utility called "mouse5212-super-formatter", was downloaded 676 times before it was caught stealing sensitive data and exposing its creator's GitHub token. This AI-generated malware cleverly hid its true intentions, uploading stolen files to a fake repository and covering its tracks.

Analyst 207
Developer workstation with laptop, monitor, and coffee cup in a modern office setting with cityscape view.

North Korea Targets Developers with AI-Generated npm Malware

Security researchers have uncovered a sneaky malware campaign targeting developers, involving a malicious npm package called @validate-sdk/v2 that's designed to steal sensitive secrets, including crypto-wallet credentials. This tainted package, linked to a North Korean threat actor, was cleverly disguised as a utility SDK for legitimate tasks like hashing and validation.

Analyst 207
Gloved hands hover over a cracked smartphone with eerie glow and payment terminal reflection.

NGate Malware Targets Brazil, Trojanizes HandyPay for NFC Data Theft

Security researchers have uncovered a sneaky new Android malware, NGate, that has been hiding in plain sight by infecting a legitimate app called HandyPay, used for NFC data relay, and using AI-generated code to steal payment credentials. This cleverly crafted malware has set its sights on Brazil, putting unsuspecting users at risk of NFC data theft.

Analyst 207