A new AI-driven malware campaign, named EvilAI, has arisen, representing a sophisticated evolution in cyberthreats. It utilizes AI-generated code alongside traditional trojan techniques to infiltrate systems discreetly while mimicking legitimate applications like “Recipe Lister” and “PDF Editor.” This dual-function approach significantly diminishes user suspicion, allowing malware to operate undetected.
Global telemetry indicates widespread infections, with Europe reporting the highest incidences at 56 cases, followed by the Americas and AMEA regions with 29 each. The malware employs advanced social engineering, creating entirely new applications, complicating detection for traditional security systems.
EvilAI’s infection begins with the launch of seemingly legitimate apps, escalating into covert Node.js execution processes. Its persistence mechanisms involve creating scheduled tasks and registry entries, ensuring automatic execution at user logon. The malware’s evasion techniques include anti-analysis loops, forcing reliance on dynamic analysis rather than static scrutiny. Companies must bolster their security measures to combat this evolving threat landscape.
Source link
