Hackers use AI-generated Slopoly malware

Hackers used AI-generated Slopoly malware to participate in the group's ransomware operation.

Content created by artificial intelligence or AI-Generated Content may be common in modern times, but another story of AI products that should not be common, is that AI-created malware is starting to cause more and more problems today, such as this news.

According to a report by The Hacker News website, a new campaign of Hive0163 hackers, a group of ransom malware users, or Ransomware to plow money from companies, usually using a variety of tools on their campaigns, such as NodeSnake, Interlock RAT, JunkFiction Loader and Interlock Ransomware, has been detected. But the current campaign is more advanced because Slopoly has introduced AI-generated malware to help them embed ransomware on the victim's machine, which explores the internal elements of the malware code. Variables, Logging, Comments make it possible to confirm that the malware is built with the AI Large Language Model (LLM or Large Language Model), although it is not known to be an LLM implementation of any developer at this time.

This malware will be used after hackers have successfully accessed the victim's system (Compromise) to create persistence within the system, allowing the malware to run at any time (Persistence). This malware will start with the PowerShell script to embed the malware into the "C: ProgramDataMicrosoftWindowsRuntime" folder and then manage to set the timer (Task Scheduled) under the name "Runtime Broker." This malware will serve as the system's backdoor. Hackers can access the system at any time the malware is embedded, as well as as as as a signaller or Beacon to contact the C2 or control server. Command and Control) every 30 seconds and send an additional request every 50 seconds. The received command will take the maran through "cmd.exe" and then send the results back to the server after the command is completed.

For this campaign, a research team from IBM X-Force, a subsidiary of IBM, a giant IT company, explained that the campaign would start by tricking victims into fake websites and using fake notifications to trick victims into installing malware or ClickFix to install the first malware NodeSnake by running a PowerShell script. The malware would then download a remote access trojan called Interlock RAT. This malware would lead to the installation of the same-named ransomware, Slopoly malware, and a tool. Others, based on in-depth investigations, found that this campaign framework has a variety of scripts, such as PowerShell, PHP, C / C + +, Java, and JavaScript, to run on both Windows and Linux operating systems.

# Trending # Lemon 8 Howtoo # lemon 8 diary # freedomhack # Slopoly