Threat actors are increasingly exploiting legitimate-looking AI tools to deliver malware globally, identified in a campaign dubbed “EvilAI” by Trend Micro. This operation targets sectors including manufacturing, healthcare, and technology across regions like Europe, the Americas, and AMEA, particularly affecting countries such as India, the U.S., and Germany. The attackers skillfully disguise malware in applications such as AppSuite and PDF Editor, using valid digital signatures and professional interfaces to deceive users and security systems alike. Key objectives of EvilAI include reconnaissance, exfiltration of sensitive data, and sustained communication with command-and-control servers using AES encryption. Techniques such as SEO manipulation, malicious ads, and replicas of vendor portals are employed for distribution. Notably, the campaign employs multiple code-signing certificates from various countries to enhance legitimacy. As cyber threats evolve, vigilance is essential to protect sensitive data from these sophisticated tactics, which exploit user trust and evade detection.
Source link
