Researchers disclosed Slopoly, a suspected AI-generated PowerShell backdoor used by financially motivated threat actor Hive0163 to maintain persistent access during post-exploitation. The script, likely produced via a builder and showing signs of LLM-assisted development such as extensive comments and accurate variable names, beacons system information and polls a C2 for commands, exemplifying the rise of AI-assisted malware like VoidLink and PromptSpy. #Slopoly #Hive0163 #NodeSnake #InterlockRAT
Keypoints
- Slopoly is a PowerShell backdoor believed to be AI-generated and used by Hive0163 to maintain persistence.
- It establishes persistence via a scheduled task named "Runtime Broker" and beacons system information every 30 seconds while polling for commands every 50 seconds.
- Indicators such as extensive comments, logging, and descriptive variable names suggest LLM assistance in its development.
- Hive0163 leverages NodeSnake, Interlock RAT, ClickFix social engineering, malvertising, and initial access brokers like TA569 and TAG-124 for operations.
- The emergence of Slopoly highlights how AI-assisted tools are accelerating malware development and enabling threat actors to scale extortion campaigns.
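
The fixed 30-second beacon and 50-second poll described above give defenders a timing signature to hunt for in connection logs. The following is an added detection sketch, not code from the researchers or the article; the `ts src dst` log format, host names, addresses, thresholds, and the assumption that both timers reach the same destination are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

PERIODS = (30, 50)   # seconds: beacon and command-poll intervals from the page
TOLERANCE = 2.0      # assumed jitter allowance, seconds
MIN_HITS = 6         # assumed minimum events sharing one phase

def parse(lines):
    """Group timestamps by (source host, destination) from 'ts src dst' lines."""
    flows = defaultdict(list)
    for line in lines:
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts).timestamp())
    return flows

def lattice_hits(times, period, tol=TOLERANCE):
    """Largest group of events sharing a phase modulo `period` (circular window)."""
    phases = sorted(t % period for t in times)
    n, wrapped = len(phases), phases + [p + period for p in phases]
    best = j = 0
    for i in range(n):
        j = max(j, i)
        while j + 1 < i + n and wrapped[j + 1] - wrapped[i] <= 2 * tol:
            j += 1
        best = max(best, j - i + 1)
    return best

def find_beacons(lines):
    """Return {(src, dst): [matched periods]} for flows that fit a period."""
    findings = {}
    for key, times in parse(lines).items():
        expected = lambda p: (max(times) - min(times)) / p + 1
        # Require most expected slots to be filled, so a 60 s job is not
        # reported as a 30 s beacon with every other slot missing.
        matched = [p for p in PERIODS
                   if (h := lattice_hits(times, p)) >= MIN_HITS and h >= 0.8 * expected(p)]
        if matched:
            findings[key] = matched
    return findings

def sample_log():
    """Constructed sample: ws-17 mixes 30 s and 50 s traffic, ws-22 runs a 60 s job."""
    base = datetime(2026, 3, 1, 9, 0, 0).timestamp()
    rows = [(base + 30 * k + (k % 3) * 0.5, "ws-17", "203.0.113.10") for k in range(11)]
    rows += [(base + 7 + 50 * k, "ws-17", "203.0.113.10") for k in range(7)]
    rows += [(base + 60 * k, "ws-22", "198.51.100.5") for k in range(6)]
    return [f"{datetime.fromtimestamp(t).isoformat()} {s} {d}" for t, s, d in sorted(rows)]

if __name__ == "__main__":
    print(find_beacons(sample_log()))
```

Matching on phase rather than on gaps between consecutive events keeps the two timers detectable when their traffic interleaves on one destination.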
Read More: https://thehackernews.com/2026/03/hive0163-uses-ai-assisted-slopoly.html