AI-written malware is here, and going after victims already

Illustration of a laptop with a magnifying glass exposing a beetle on-screen
(Image credit: Shutterstock / Kanoktuch)

HP Wolf Security researchers claim to have found evidence hackers are using Generative Artificial Intelligence (GenAI) tools to create malware and other malicious code.

GenAI tools, such as ChatGPT, or Gemini, are being used left and right to create convincing phishing emails, professional-looking landing pages, and similar, the researchers are saying, and the evidence is apparently overwhelming.

However, when it comes to spotting malware code written by robots, it’s a different story: “To date there has been limited evidence of threat actors using GenAI tools to write code,” HP said.

The French under attack

Whether or not HP has been the first is hard to tell, as security firm Proofpoint made a similar claim back in April 2024 concerning a PowerShell malware strain.

Regardless of the timing, HP says it identified a campaign targets the French-speaking community with a VBScript and JavaScript that was probably written with the help of GenAI.

Therefore, the researchers believe these findings are a big deal: "Speculation about AI being used by attackers is rife, but evidence has been scarce, so this finding is significant,” commented Patrick Schläpfer, Principal Threat Researcher in the HP Security Lab.

“Such capabilities further lower the barrier to entry for threat actors, allowing novices without coding skills to write scripts, develop infection chains, and launch more damaging attacks.”

It’s a long shot, since one would still need significant knowledge to pull off malware, but GenAI would definitely be helpful.

“The structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware,” the researchers said. “The attack infects users with the freely available AsyncRAT malware, an easy-to-obtain infostealer which can record victim’s screens and keystrokes. The activity shows how GenAI is lowering the bar for cybercriminals to infect endpoints.”

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
Half man, half AI.
Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
Cartoon Phishing
Hackers use GenAI to attack more frequently and effectively
A profile of a human brain against a digital background.
Securely working with AI-generated code
Representational image of data security
Safety policies are needed for safe AI adoption, security leaders say
A hand reaching out to touch a futuristic rendering of an AI processor.
Google says Gemini is being misused to launch major cyberattacks
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Google Pixel 8a in aloe green showing
Google Pixel 9a benchmark link teases the performance of the upcoming mid-ranger
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 17 (game #1148)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 17 (game #379)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 17 (game #645)
Apple iPhone 16 Pro HANDS ON
Leaked iPhone 17 dummy units may have given us our best look yet at all four models
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over