
Leveraging the OpenAI Assistants API for Stealthy Command and Control Communication

Using the OpenAI Assistants API for Covert C2 Communication

Microsoft’s Detection and Response Team has unveiled SesameOp, an advanced backdoor malware exploiting the OpenAI Assistants API for command-and-control (C2) operations. This innovative tactic allows threat actors to blend malicious traffic with legitimate API communications, complicating detection efforts by security teams. Discovered in July 2025, SesameOp represents a significant shift from traditional malware methodologies, utilizing the API for storage and relay of malicious commands. The loader, Netapi64.dll, employs .NET AppDomainManager injection and uses sophisticated encryption techniques to conceal communications. Despite its apparent integration with OpenAI SDKs, the malware manipulates the API to covertly execute commands on compromised systems. An in-depth investigation led to the disabling of the compromised API key, underscoring the importance of robust security measures. Microsoft advises organizations to strengthen defenses against such threats through enhanced monitoring, network segmentation, and automated protection strategies. Ongoing collaboration between Microsoft and OpenAI aims to thwart the misuse of emerging technologies.
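The report notes that the loader is brought in through .NET AppDomainManager injection, which relies on a `.config` file that points the runtime at a custom AppDomainManager assembly. The following is an added hunting check, not code from Microsoft's report or from SesameOp itself: it parses .NET application config files and flags any that declare `appDomainManagerAssembly` or `appDomainManagerType` under `<runtime>`, a setting legitimate applications rarely use. The sample configs and the assembly name `ExampleLoader` are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Runtime settings that hand control of AppDomain creation to a named assembly.
# A loader abusing AppDomainManager injection must set these to get loaded.
SUSPICIOUS_RUNTIME_KEYS = {"appDomainManagerAssembly", "appDomainManagerType"}


def find_appdomainmanager_settings(config_xml: str) -> dict:
    """Return AppDomainManager settings declared in a .NET app.config/.exe.config.

    Returns {} when none are declared; raises ValueError on malformed XML so a
    caller can treat unparsable config files as findings instead of skipping them.
    """
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        raise ValueError(f"malformed config: {exc}") from exc
    found = {}
    for runtime in root.iter("runtime"):
        for child in runtime:
            tag = child.tag.split("}")[-1]  # tolerate a namespaced element
            if tag in SUSPICIOUS_RUNTIME_KEYS:
                found[tag] = child.get("value", "")
    return found


def scan_directory(directory: str) -> list:
    """Walk a tree and report every *.config that names an AppDomainManager."""
    findings = []
    for path in Path(directory).rglob("*.config"):
        text = path.read_text(encoding="utf-8-sig", errors="replace")
        try:
            settings = find_appdomainmanager_settings(text)
        except ValueError as exc:
            findings.append((str(path), {"error": str(exc)}))
            continue
        if settings:
            findings.append((str(path), settings))
    return findings


# Constructed sample configs for demonstration (not taken from the report).
BENIGN_CONFIG = """<?xml version="1.0"?>
<configuration>
  <startup><supportedRuntime version="v4.0"/></startup>
</configuration>"""

INJECTING_CONFIG = """<?xml version="1.0"?>
<configuration>
  <runtime>
    <appDomainManagerAssembly value="ExampleLoader, Version=1.0.0.0"/>
    <appDomainManagerType value="ExampleLoader.Manager"/>
  </runtime>
</configuration>"""
```

Run `scan_directory()` against application directories and treat any hit as a candidate for the process-level and network monitoring the report recommends.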
