Subj : AI-written malware is here, and going after victims already
To   : All
From : TechnologyDaily
Date : Wed Sep 25 2024 11:30:04

AI-written malware is here, and going after victims already

Date:
Wed, 25 Sep 2024 10:15:12 +0000

Description:
Researchers are saying this is the first concrete piece of evidence that 
hackers are using GenAI for code building.

FULL STORY
======================================================================

HP Arctic Wolf researchers claim to have found evidence hackers are using 
Generative Artificial Intelligence (GenAI) tools to create malware and other 
malicious code. 

GenAI tools, such as ChatGPT, or Gemini, are being used left and right to 
create convincing phishing emails, professional-looking landing pages, and 
similar, the researchers are saying, and the evidence is apparently 
overwhelming. 

However, when it comes to spotting malware code written by robots, its a 
different story: To date there has been limited evidence of threat actors 
using GenAI tools to write code, HP said. The French under attack 

Whether or not HP has been the first is hard to tell, as security firm 
Proofpoint made a similar claim back in April 2024 concerning a PowerShell 
malware strain . 

Regardless of the timing, HP says it identified a campaign targets the 
French-speaking community with a VBScript and JavaScript that was probably 
written with the help of GenAI. 

Therefore, the researchers believe these findings are a big deal: 
"Speculation about AI being used by attackers is rife, but evidence has been 
scarce, so this finding is significant, commented Patrick Schlpfer, Principal 
Threat Researcher in the HP Security Lab. 

Such capabilities further lower the barrier to entry for threat actors, 
allowing novices without coding skills to write scripts, develop infection 
chains, and launch more damaging attacks. 

Its a long shot, since one would still need significant knowledge to pull off 
malware, but GenAI would definitely be helpful. 

The structure of the scripts, comments explaining each line of code, and the 
choice of native language function names and variables are strong indications 
that the threat actor used GenAI to create the malware, the researchers said. 
The attack infects users with the freely available AsyncRAT malware, an 
easy-to-obtain infostealer which can record victims screens and keystrokes. 
The activity shows how GenAI is lowering the bar for cybercriminals to infect 
endpoints. More from TechRadar Pro This Windows malware is now evolving to 
target Linux systems Here's a list of the best firewalls around today These 
are the best endpoint security tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/malware-written-by-ai-spotted-targeting
-victims-in-france


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.