AI-written malware is here, and going after victims already

Illustration of a laptop with a magnifying glass exposing a beetle on-screen
(Image credit: Shutterstock / Kanoktuch)

HP Wolf Security researchers claim to have found evidence hackers are using Generative Artificial Intelligence (GenAI) tools to create malware and other malicious code.

GenAI tools, such as ChatGPT, or Gemini, are being used left and right to create convincing phishing emails, professional-looking landing pages, and similar, the researchers are saying, and the evidence is apparently overwhelming.

However, when it comes to spotting malware code written by robots, it’s a different story: “To date there has been limited evidence of threat actors using GenAI tools to write code,” HP said.

The French under attack

Whether or not HP has been the first is hard to tell, as security firm Proofpoint made a similar claim back in April 2024 concerning a PowerShell malware strain.

Regardless of the timing, HP says it identified a campaign targets the French-speaking community with a VBScript and JavaScript that was probably written with the help of GenAI.

Therefore, the researchers believe these findings are a big deal: "Speculation about AI being used by attackers is rife, but evidence has been scarce, so this finding is significant,” commented Patrick Schläpfer, Principal Threat Researcher in the HP Security Lab.

“Such capabilities further lower the barrier to entry for threat actors, allowing novices without coding skills to write scripts, develop infection chains, and launch more damaging attacks.”

It’s a long shot, since one would still need significant knowledge to pull off malware, but GenAI would definitely be helpful.

“The structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware,” the researchers said. “The attack infects users with the freely available AsyncRAT malware, an easy-to-obtain infostealer which can record victim’s screens and keystrokes. The activity shows how GenAI is lowering the bar for cybercriminals to infect endpoints.”

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.