A new malware family named LameHug is infecting systems globally, using the same kind of large language model (LLM) technology that powers AI chatbots such as ChatGPT, Gemini, and Claude. Discovered by Ukraine’s CERT-UA, LameHug uses an LLM to generate the malicious commands it then executes on Windows PCs. Attributed to the Russian APT28 threat group, the malware is written in Python and calls the Hugging Face API to query Alibaba Cloud’s Qwen-2.5-Coder-32B-Instruct model. Attacks begin with emails impersonating Ukrainian officials, with the malware delivered in ZIP files. Once a system is infected, LameHug collects sensitive information from files on the victim’s desktop and sends it to remote servers. This marks a significant milestone in cyber threats: it is the first documented use of an LLM to generate executable commands, which makes detection by security software increasingly challenging. The emergence of LameHug follows the discovery of another undetectable malware, Skynet, raising concerns over evolving cybersecurity threats.
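The behaviour described above (a process contacts an LLM API, then runs shell commands and reads files from the Desktop) can be hunted for in endpoint telemetry. The following is an added example, not code from the report or from the malware; the event format is constructed, and the Hugging Face inference hostname and the shell names are assumptions used to illustrate the correlation.

```python
"""Hunting heuristic for LLM-assisted command execution on Windows hosts.
Constructed example: correlates per-process events (network, child process,
file read) and flags a process that talks to an LLM inference API, then
spawns a shell and touches Desktop files. The event schema is hypothetical."""
from collections import defaultdict

# Assumed LLM API hosts; the report names Hugging Face as the service used.
LLM_API_HOSTS = {"api-inference.huggingface.co", "huggingface.co"}
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed telemetry, not real logs: (timestamp, pid, event_type, detail)
EVENTS = [
    (1, 4100, "net", "api-inference.huggingface.co"),
    (2, 4100, "proc", "cmd.exe"),
    (3, 4100, "file", r"C:\Users\victim\Desktop\contract.docx"),
    (4, 4100, "net", "203.0.113.10"),   # TEST-NET placeholder for an exfil host
    (1, 5200, "net", "huggingface.co"), # benign: a developer fetching a model
    (2, 5200, "file", r"C:\dev\models\config.json"),
    (1, 6300, "proc", "cmd.exe"),       # benign: a shell with no LLM contact
    (2, 6300, "file", r"C:\Users\victim\Desktop\notes.txt"),
]

def suspicious_pids(events):
    """Return PIDs that, in chronological order, contacted an LLM API,
    spawned a shell, and then read from a Desktop path. Ordering matters:
    the model output is what drives the shell, so the API call comes first."""
    by_pid = defaultdict(list)
    for ts, pid, kind, detail in sorted(events):
        by_pid[pid].append((kind, detail))
    flagged = []
    for pid, seq in by_pid.items():
        stage = 0  # 0: nothing seen, 1: LLM contact, 2: shell spawned, 3: Desktop read
        for kind, detail in seq:
            if stage == 0 and kind == "net" and detail in LLM_API_HOSTS:
                stage = 1
            elif stage == 1 and kind == "proc" and detail.lower() in SHELLS:
                stage = 2
            elif stage == 2 and kind == "file" and "\\desktop\\" in detail.lower():
                stage = 3
                break
        if stage == 3:
            flagged.append(pid)
    return flagged

if __name__ == "__main__":
    print(suspicious_pids(EVENTS))  # [4100]
```

Only the full three-stage sequence fires, so ordinary developer traffic to Hugging Face and unrelated shell activity stay unflagged.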