On July 18, 2025, Ukraine's Computer Emergency Response Team (CERT-UA) disclosed a phishing campaign delivering malware named LAMEHUG. The malware uses a Large Language Model (LLM) to generate commands from textual descriptions. The attack is attributed to the Russian hacking group APT28, also known as Fancy Bear. After reports surfaced on July 10 of compromised email accounts being used to impersonate government officials, CERT-UA identified LAMEHUG inside ZIP attachments, with variants including "Додаток.pif" and "AI_generator_uncensored_Canvas_PRO_v0.9.exe". Written in Python and relying on Alibaba Cloud's Qwen2.5-Coder-32B-Instruct model, LAMEHUG collects sensitive information and sends it to an attacker-controlled server. The incident illustrates how threat actors abuse legitimate services such as Hugging Face for command-and-control traffic in order to evade detection. Cybersecurity firms warned of emerging malware techniques designed to resist AI-assisted analysis, and predicted an increase in such adversarial tactics as generative AI becomes integrated into security tooling.