Malicious PowerShell script pushing malware looks AI-written
2024-04-10 16:12

A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot.

Accessing the shortcut file triggered PowerShell to run a remote script.

Analyzing the PowerShell script that loaded Rhadamanthys, the researchers noticed that it included a pound/hash sign followed by specific comments for each component, which are uncommon in human-created code.

While they cannot be absolutely certain that the PowerShell code came from a large language model solution, the researchers say that the script content suggests the possibility of TA547 using generative AI for writing or rewriting the PowerShell script.

BleepingComputer used ChatGPT-4 to create a similar PowerShell script and the output code looked like the one seen by Proofpoint, including variable names and comments, further indicating it is likely that AI was used to generate the script.

As most large language models attempt to restrict output that could be used for malware or malicious behavior, threat actors have launched their own AI chat platforms for cybercriminals.


News URL

https://www.bleepingcomputer.com/news/security/malicious-powershell-script-pushing-malware-looks-ai-written/