Saturday, September 27, 2025

Leveraging LLMs for Dynamic Reconnaissance and Data Exfiltration in Malware

LAMEHUG is an advanced AI-driven malware family that queries large language models (LLMs) through the Hugging Face API to adapt its reconnaissance and data exfiltration to each victim. Unlike traditional malware with hard-coded logic, LAMEHUG asks the LLM to generate environment-specific commands at run time, enabling dynamic reconnaissance and targeted data collection. Disguised as an AI image-generation tool, it spreads through spear-phishing emails carrying filenames such as AI_generator_uncensored_Canvas_PRO_v0.9.exe.

Upon execution, LAMEHUG calls its LLM_QUERY_EX() function to collect sensitive system information and recursively copy files. Exfiltration then occurs over SSH or HTTPS to a PHP endpoint, which complicates detection for security operations centers (SOCs). Analysts highlight the need for richer telemetry and abnormal-behavior detection, because LAMEHUG’s activity mimics legitimate processes. Key detection strategies include monitoring WMI command execution and unusual DNS queries to AI services. By refining behavior-based defenses, SOC teams can counter this threat.
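The two detection signals named above (WMI command execution and DNS lookups of AI-service domains) are only weakly suspicious on their own; an administrator runs WMIC, and a developer resolves huggingface.co. They become a useful alert when both appear on the same host within a short window. The following Python script is an added example, not code from the article or from the analysts it summarizes. It assumes a constructed key=value telemetry format (one line per DNS query or process creation), an assumed list of AI-service domains (the article names only the Hugging Face API; the others are illustrative), and a ten-minute correlation window. The sample log lines are constructed, not real captures.

```python
"""Correlate WMI execution with AI-service DNS lookups per host.

Added example (not from the original article). Assumed telemetry format:
  <ISO timestamp> host=<name> type=dns  pid=<n> qname=<domain>
  <ISO timestamp> host=<name> type=proc pid=<n> image=<path> cmd="<command line>"
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watch-list of hosted LLM API domains. The article mentions the
# Hugging Face API; the remaining entries are illustrative assumptions.
AI_SERVICE_DOMAINS = ("huggingface.co", "openai.com", "anthropic.com")

# Common ways WMI reconnaissance shows up in a command line.
WMI_RE = re.compile(r"\b(wmic|Get-WmiObject|Get-CimInstance|gwmi)\b", re.IGNORECASE)

# key=value pairs; values may be double-quoted to allow spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Both signals must occur on one host within this window to raise a finding.
WINDOW = timedelta(minutes=10)

# Constructed sample telemetry (not real data). WS01 shows the correlated
# pattern; WS02 is a lone WMI query; WS03 is a lone AI-domain lookup; WS04
# has both signals but hours apart, outside the window.
SAMPLE_LOG = r"""
2025-09-27T10:00:01 host=WS01 type=proc pid=4120 image=C:\Users\a\Downloads\AI_generator_uncensored_Canvas_PRO_v0.9.exe cmd="AI_generator_uncensored_Canvas_PRO_v0.9.exe"
2025-09-27T10:00:03 host=WS01 type=dns pid=4120 qname=api-inference.huggingface.co
2025-09-27T10:00:07 host=WS01 type=proc pid=4188 parent=4120 image=C:\Windows\System32\wbem\WMIC.exe cmd="wmic os get caption,version"
2025-09-27T10:01:00 host=WS02 type=proc pid=900 image=C:\Windows\System32\wbem\WMIC.exe cmd="wmic logicaldisk get size,freespace"
2025-09-27T10:02:00 host=WS03 type=dns pid=2200 qname=huggingface.co
2025-09-27T13:30:00 host=WS04 type=dns pid=3300 qname=api-inference.huggingface.co
2025-09-27T15:00:00 host=WS04 type=proc pid=3400 image=C:\Windows\System32\wbem\WMIC.exe cmd="wmic process list brief"
"""


def parse_line(line):
    """Parse one telemetry line into a dict; return None for blank/malformed lines."""
    parts = line.strip().split(" ", 1)
    if len(parts) != 2:
        return None
    rec = {"ts": datetime.fromisoformat(parts[0])}
    for key, quoted, bare in KV_RE.findall(parts[1]):
        rec[key] = quoted if quoted else bare
    return rec


def is_ai_service(qname):
    """True if the queried name is, or is a subdomain of, a watched AI-service domain."""
    return any(qname == d or qname.endswith("." + d) for d in AI_SERVICE_DOMAINS)


def is_wmi_command(cmd):
    """True if the command line invokes a WMI query tool or cmdlet."""
    return bool(WMI_RE.search(cmd))


def find_suspicious_hosts(log_text):
    """Return one finding per (AI DNS lookup, WMI command) pair on the same host within WINDOW."""
    per_host = defaultdict(lambda: {"ai_dns": [], "wmi": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec.get("type") == "dns" and is_ai_service(rec.get("qname", "")):
            per_host[rec["host"]]["ai_dns"].append(rec)
        elif rec.get("type") == "proc" and is_wmi_command(rec.get("cmd", "")):
            per_host[rec["host"]]["wmi"].append(rec)

    findings = []
    for host, ev in sorted(per_host.items()):
        for d in ev["ai_dns"]:
            for w in ev["wmi"]:
                if abs(w["ts"] - d["ts"]) <= WINDOW:
                    findings.append({
                        "host": host,
                        "ai_query": d["qname"], "ai_pid": d.get("pid"),
                        "wmi_cmd": w["cmd"], "wmi_pid": w.get("pid"),
                    })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_hosts(SAMPLE_LOG):
        print(f"[ALERT] {f['host']}: pid {f['ai_pid']} resolved {f['ai_query']}; "
              f"pid {f['wmi_pid']} ran '{f['wmi_cmd']}' within {WINDOW}")
```

Run against the sample, only WS01 is reported: WS02 and WS03 each show a single signal, and WS04's two signals fall outside the window. The domain list and window size are the tuning knobs; in production the DNS side would usually come from the resolver or Sysmon event 22 and the process side from Sysmon event 1 or an EDR, with the parent-child relationship (pid 4188 spawned by 4120 above) available as a further, stronger correlation key.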
