IT Security HQ

Malware 2.0: AI-Generated Code Powers New Wave of Cyber Attacks

SAN FRANCISCO, Sept. 27 — In an alarming development for cybersecurity professionals, a new report by HP Wolf Security has revealed that cybercriminals are turning to Generative Artificial Intelligence (GenAI) to craft malicious code, lowering the skill level required to launch sophisticated attacks and making cyber defense more challenging than ever before.

HP Uncovers GenAI-Generated Malware Targeting French Users

HP’s security researchers have identified a concerning campaign targeting French-speaking victims, using malware believed to have been written with the assistance of GenAI. The structure of the malware, the code comments, and even function and variable names in the native language strongly suggest that AI tools were employed to construct this threat.

Specifically, the campaign utilizes VBScript and JavaScript to deploy AsyncRAT, a type of malware that acts as an infostealer. Once it infiltrates a target system, AsyncRAT is capable of recording keystrokes and capturing the screen, providing attackers with access to sensitive data such as login credentials and personal information.

“This marks one of the first documented cases where AI appears to have played a direct role in malware creation,” said an HP Wolf Security analyst.

The malware code was not only well-organized but also included comments that explained each line—an unusual feature that supports the theory of GenAI’s involvement, potentially making it easier for even low-skilled threat actors to understand and deploy the attack.

The Evolution of AI in Cybercrime

While the concept of using AI to write malicious code has long been a topic of speculation, the HP report stands as one of the first pieces of concrete evidence showing AI’s role in actively accelerating cyberattacks. The implication is profound: the use of GenAI is making it easier for cybercriminals to develop and deploy malware at scale.

“GenAI is lowering the barriers to entry for cybercriminals,” noted the report. “What used to require significant programming skills can now be accomplished with AI assistance, making it more accessible for inexperienced attackers to infect endpoints.”

Rise in ChromeLoader Campaigns and Malicious SVGs

In addition to the GenAI-written malware, HP Wolf Security researchers uncovered an uptick in ChromeLoader campaigns that rely on malvertising. These campaigns use fake advertisements to lure victims to convincing websites offering fake tools like “PDF converters.” Once users interact with the fake tool, malware can be deployed onto their systems, often disguised as legitimate downloads.

A particularly sophisticated technique involves embedding malicious code into SVG vector images. These images, once opened in a browser, automatically execute embedded JavaScript code. This approach allows attackers to bypass many traditional security filters, because most defenses treat SVG images as safe.

Shifts in the Cybersecurity Landscape

The use of AI-generated code in malware development represents a growing challenge for cybersecurity. GenAI allows threat actors to develop more sophisticated attacks more quickly and easily, thus transforming the threat landscape. This not only empowers experienced cybercriminals but also enables newcomers with little programming knowledge to launch effective campaigns.

The trend underscores the need for organizations to enhance their cybersecurity defenses. Traditional tools may struggle to detect AI-generated threats, which often exhibit behaviors different from conventional malware.

“The rise of GenAI-generated malware should serve as a wake-up call for organizations,” an HP Wolf Security spokesperson emphasized. “The threat landscape is evolving rapidly, and defenses must evolve to keep up.”


Organizations are advised to implement more advanced security measures, increase employee awareness about potential phishing and malware campaigns, and stay vigilant as the use of AI in cybercrime continues to evolve.
