A new malware strain named Slopoly, potentially generated using AI tools, was used in an Interlock ransomware attack in which the attackers exfiltrated data from compromised servers over the course of a week. The intrusion began with a ClickFix social engineering lure; Slopoly itself is a PowerShell script that acts as a client for a command-and-control (C2) framework.

IBM X-Force identified coding traits that point to AI-assisted development, such as extensive code comments and neatly organized variable names. Despite being labelled a “Polymorphic C2 Persistence Client,” Slopoly, the researchers noted, has no real self-modifying capability. Its main functions are collecting system information, executing operator commands, and beaconing persistently to the C2 server.

The threat actor group, tracked as Hive0163, focuses on extortion through data theft and has previously targeted institutions such as Texas Tech University and DaVita. Slopoly’s appearance underscores the growing sophistication of malware as AI tools make custom development and detection evasion easier. For a comprehensive analysis of evolving malware trends, download the Red Report 2026.
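Of the functions listed above, persistent beaconing is the one that leaves the most regular trace in network telemetry. The following Python script is an added example, not code from the article or from IBM X-Force: it parses constructed outbound-connection log lines (the log format, hostnames and addresses are invented for the illustration) and flags source/destination pairs whose inter-arrival times are nearly constant, allowing a small jitter tolerance because C2 clients commonly randomise their sleep. It is a general periodicity check for proxy or firewall logs rather than anything specific to Slopoly.

```python
"""Flag beacon-like periodic outbound connections in proxy/firewall logs.

Added illustration (not the article's or IBM X-Force's tooling). A C2 client
that beacons persistently produces outbound connections at near-regular
intervals; grouping connections by (source host, destination) and measuring
how regular the gaps between them are is a vendor-neutral way to surface it.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines in a simple "timestamp src dst bytes_out" layout.
# ws-17 -> 203.0.113.10:443 is a beacon at ~60 s with a few seconds of jitter;
# ws-17 -> 198.51.100.25:443 is bursty, human-like browsing;
# ws-22 -> 203.0.113.10:443 has too few connections to judge.
SAMPLE_LOG = """\
2026-03-01T09:00:00 ws-17 203.0.113.10:443 412
2026-03-01T09:00:05 ws-17 198.51.100.25:443 9120
2026-03-01T09:00:07 ws-17 198.51.100.25:443 1304
2026-03-01T09:00:09 ws-17 198.51.100.25:443 744
2026-03-01T09:01:02 ws-17 203.0.113.10:443 418
2026-03-01T09:02:01 ws-17 203.0.113.10:443 410
2026-03-01T09:03:03 ws-17 203.0.113.10:443 415
2026-03-01T09:03:59 ws-17 203.0.113.10:443 412
this line is malformed and must be skipped
2026-03-01T09:05:01 ws-17 203.0.113.10:443 419
2026-03-01T09:06:00 ws-17 203.0.113.10:443 411
2026-03-01T09:07:02 ws-17 203.0.113.10:443 414
2026-03-01T09:12:40 ws-17 198.51.100.25:443 22010
2026-03-01T09:12:41 ws-17 198.51.100.25:443 980
2026-03-01T09:31:15 ws-17 198.51.100.25:443 3311
2026-03-01T09:31:17 ws-17 198.51.100.25:443 602
2026-03-01T09:15:00 ws-22 203.0.113.10:443 420
2026-03-01T09:16:01 ws-22 203.0.113.10:443 421
"""


def parse_log(text):
    """Parse lines into (timestamp, src, dst, bytes_out); skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[3])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], size))
    return events


def find_beacons(events, min_connections=6, max_jitter=0.2):
    """Return {(src, dst): stats} for pairs whose connection gaps are regular.

    max_jitter is the coefficient of variation (stdev / mean) of the gaps.
    A beacon with randomised sleep still has a low value; interactive traffic
    is bursty and scores far higher. min_connections avoids judging on too
    few samples.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)

    hits = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:  # all timestamps identical; nothing periodic to measure
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_jitter:
            hits[pair] = {
                "connections": len(stamps),
                "mean_interval_s": round(avg, 1),
                "jitter": round(cv, 3),
            }
    return hits


if __name__ == "__main__":
    for (src, dst), stats in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"beacon candidate: {src} -> {dst} {stats}")
```

On real data the thresholds need tuning per environment: software updaters, monitoring agents and mail clients also poll on fixed timers, so the output is a triage list to enrich with destination reputation and process context, not a verdict.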