Cybercriminals Harness AI to Craft Sophisticated Malware, Warns HP Wolf Security

"Attackers using AI to write malware is a significant shift that lowers the barrier for cybercriminals," says HP Security Lab's Patrick Schläpfer.

HP Wolf Security has discovered that cybercriminals now use generative AI to create malware. Their latest Threat Insights Report reveals campaigns where attackers employed AI tools to write malicious code. This development marks a significant shift in the cybersecurity landscape.

In one campaign, French-speaking users were targeted with malware likely crafted with AI assistance. Clues such as the script structure, an explanatory comment for each line of code, and function names written in the attackers' native language suggest AI involvement. The malware aims to infect users with AsyncRAT, an infostealer capable of recording screens and keystrokes.

HP researchers also uncovered sophisticated ChromeLoader campaigns. Attackers use malvertising to lure victims to professional-looking websites offering fake PDF tools. These functional applications hide malicious code delivered as MSI files. When users install these fake tools, attackers hijack browsing sessions and redirect searches to their sites. Valid code-signing certificates help bypass Windows security policies, increasing infection chances.

Another emerging tactic involves embedding malware in SVG vector images. Victims think they are viewing harmless images; in reality, the file runs embedded JavaScript code when it is opened. This method leads to the installation of various infostealer malware. Since SVG images open automatically in browsers, this approach exploits user trust and avoids detection.

Patrick Schläpfer, Principal Threat Researcher at HP Security Lab, commented on these findings. He noted that while speculation about AI-assisted attacks has been widespread, concrete evidence was limited until now. The observed behavior indicates that attackers use AI assistants to write code. This trend allows those without coding expertise to develop scripts and create infection chains.

The report underscores how cybercriminals evolve their methods to bypass security measures. By using AI tools, they create more convincing phishing lures and malware. They leverage valid code-signing certificates to make malicious applications appear legitimate. These strategies increase attack effectiveness and make detection more challenging.

Data from HP Wolf Security shows that at least 12% of email threats bypassed one or more email gateway scanners. The top threat vectors included email attachments (61%), browser downloads (18%), and other methods like removable storage (21%). Archives were the most widespread malware delivery type, with ZIP files being the most common at 26%.

The Global Head of Security for Personal Systems at HP Inc., Dr. Ian Pratt, emphasized building resilience. He stated that threat actors constantly update their methods. Therefore, businesses must start isolating high-risk activities like opening email attachments or web downloads to minimize the attack surface and neutralize infection risks.

HP Wolf Security uses hardware-enforced virtual machines on endpoints to protect users without affecting productivity. This technology isolates threats that evade detection tools, allowing malware to detonate safely. It also captures detailed traces of attempted infections, providing insights into intrusion techniques.

HP Wolf Security has helped users stay safe while clicking on over 40 billion email attachments, web pages, and downloaded files by isolating these risky tasks, with no reported breaches.

The report highlights the need for organizations to stay vigilant and adapt their security strategies. Cybercriminals leverage new technologies like generative AI to enhance their methods. They use malvertising around popular search keywords to direct victims to deceptive websites. These sites offer functional tools like PDF readers and converters, which hide malicious code. The combination of well-designed websites and valid certificates makes these attacks more convincing.

Furthermore, shifting from HTML files to vector images like SVG for smuggling malware represents a new challenge. Since SVG images execute embedded code when viewed, this tactic exploits users’ trust in image files. It’s a stealthy method that can lead to malware installation without the user’s knowledge.
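The SVG smuggling described above (and earlier in the article) works because a browser treats an SVG as a document that may carry scripts, not as a plain bitmap. The following triage script is an added example, not HP's code or part of the report: it parses an SVG and reports the elements and attributes that can execute code, so a mail gateway or analyst can flag such attachments before a user opens them. The sample SVGs are constructed for the demonstration.

```python
"""Flag SVG files that carry executable content (added defensive example)."""
import xml.etree.ElementTree as ET

# Elements that can host arbitrary HTML (and thus scripts) inside an SVG.
HTML_HOST_TAGS = {"foreignobject"}
# href/xlink:href schemes that can run code or smuggle an HTML document.
RISKY_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


def _local(name: str) -> str:
    """Strip the XML namespace prefix from a tag or attribute name."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(svg_text: str) -> list[str]:
    """Return the reasons this SVG could execute code (empty list = none found).

    An empty list is not proof of safety; it only means none of the checked
    constructs are present. Malformed XML is reported too, since browsers
    are more lenient than this parser and may still render the file.
    """
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    findings = []
    for elem in root.iter():
        name = _local(elem.tag)
        if name == "script":
            findings.append("<script> element present")
        elif name in HTML_HOST_TAGS:
            findings.append("<foreignObject> element can embed HTML")
        for attr, value in elem.attrib.items():
            aname = _local(attr)
            if aname.startswith("on"):  # onload, onclick, onerror, ...
                findings.append(f"event handler attribute {aname} on <{name}>")
            elif aname == "href" and value.strip().lower().startswith(RISKY_SCHEMES):
                findings.append(f"risky href scheme on <{name}>: {value[:40]}")
    return findings


def is_suspicious(svg_text: str) -> bool:
    """True when any code-carrying construct was found."""
    return bool(svg_findings(svg_text))


# Constructed samples: one benign image and three that carry executable hooks.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SCRIPT_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><script>var x = 1;</script></svg>'
HANDLER_SVG = '<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><rect/></svg>'
HREF_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            '<a xlink:href="javascript:void(0)"><text>open</text></a></svg>')
```

Run `svg_findings()` over every SVG attachment and quarantine anything with a non-empty result; the function deliberately reports each construct separately so the findings can be logged as individual detection reasons.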

HP’s findings are based on data from millions of HP Wolf Security endpoints. By capturing real-world cyberattacks, the report provides valuable insights into the latest techniques used by cybercriminals. This information helps organizations understand the evolving threat landscape and adjust defenses accordingly.

Archives remain a popular method for delivering malware, accounting for 39% of delivery types. This highlights the need for caution when opening compressed files from unknown sources. Users should remain skeptical of unsolicited emails and downloads, even if they appear legitimate.

As cybercriminals continue to adopt new technologies, advanced security solutions become critical. Organizations must invest in comprehensive security strategies, including prevention, detection, and response capabilities. Educating users about safe practices and staying informed about the latest threats are critical components of an effective defense.
