Researchers at Check Point demonstrated that AI assistants with web browsing and URL-fetching capabilities, such as Grok and Microsoft Copilot, can be abused as stealthy relays for command-and-control communications. Malware can use WebView2 to interact with these AI agents, have them fetch attacker-controlled URLs, and parse the chat output to receive commands or exfiltrate encrypted data, making detection and blocking more difficult.
Key points
- Check Point created a proof-of-concept showing AI assistants can act as C2 proxies, tested on Grok and Microsoft Copilot.
- Malware can open a WebView2 window on Windows 11 to submit queries to the AI and receive responses.
- The AI agent can be instructed to fetch attacker-controlled URLs and return embedded instructions or encrypted data.
- No account or API keys are required for the demonstrated technique, which reduces traceability and leaves fewer blocking options.
- Attackers can evade platform safety checks by encoding payloads as high-entropy blobs, making detection harder.
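
A defender-side hunting example for the behaviour summarised above, added here and not taken from Check Point's research: it flags WebView2 sessions to AI assistant sites when the embedding application is not an approved, signed binary installed outside user-writable paths. The event schema, the domain watchlist and the allowlist are assumptions, and the sample records are constructed.

```python
from collections import Counter

# Assumed watchlist of AI assistant web front ends; extend per environment.
AI_DOMAINS = {"copilot.microsoft.com", "grok.com"}
# Assumed allowlist of applications expected to embed WebView2 for these sites.
APPROVED_HOSTS = {"msedge.exe", "ms-teams.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed telemetry (hypothetical schema): one record per outbound
# connection from a WebView2 runtime, joined with the app that embeds it.
EVENTS = [
    {"host": "WKS-01", "app": r"C:\Program Files\Microsoft\Edge\Application\msedge.exe", "signed": True, "dest": "copilot.microsoft.com"},
    {"host": "WKS-02", "app": r"C:\Users\amy\AppData\Local\Temp\updater.exe", "signed": False, "dest": "grok.com"},
    {"host": "WKS-02", "app": r"C:\Users\amy\AppData\Local\Temp\updater.exe", "signed": False, "dest": "grok.com"},
    {"host": "WKS-03", "app": r"C:\Program Files\Contoso\Notes\notes.exe", "signed": True, "dest": "copilot.microsoft.com"},
    {"host": "WKS-04", "app": r"C:\Users\bob\Downloads\ms-teams.exe", "signed": False, "dest": "grok.com"},
    {"host": "WKS-05", "app": r"C:\Users\cy\AppData\Local\Temp\tool.exe", "signed": False, "dest": "example.org"},
]

def is_ai_domain(dest):
    dest = dest.lower().rstrip(".")
    return any(dest == d or dest.endswith("." + d) for d in AI_DOMAINS)

def reasons(event):
    """Return why a WebView2-to-AI-assistant connection looks anomalous."""
    if not is_ai_domain(event["dest"]):
        return []
    path = event["app"].lower()
    exe = path.rsplit("\\", 1)[-1]
    writable = any(marker in path for marker in USER_WRITABLE)
    # A trusted name is spoofable: also require a signature and a protected path.
    if exe in APPROVED_HOSTS and event["signed"] and not writable:
        return []
    found = ["untrusted WebView2 host"]
    if not event["signed"]:
        found.append("unsigned binary")
    if writable:
        found.append("user-writable path")
    return found

def hunt(events):
    """Group findings per (host, app); the count surfaces repeated polling."""
    hits, why = Counter(), {}
    for e in events:
        key = (e["host"], e["app"])
        if found := reasons(e):
            hits[key] += 1
            why[key] = found
    return [(*key, n, why[key]) for key, n in hits.items()]
```

Run against real endpoint telemetry, the per-application hit count is the field to trend over time, since a relay has to poll the assistant repeatedly to receive instructions.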