Microsoft security researchers have identified a new backdoor, SesameOp, that uses the OpenAI Assistants API as a covert command-and-control channel. Discovered by Microsoft's Detection and Response Team while investigating a July 2025 intrusion, SesameOp gives the attacker persistent remote access to compromised devices by relaying traffic through a legitimate cloud service, removing the need for attacker-owned C2 infrastructure. The malware fetches encrypted commands through the OpenAI API, executes them, and returns the results over the same channel, protecting the exchanged data with a combination of symmetric and asymmetric encryption. The attack chain consisted of an obfuscated loader and a .NET-based backdoor injected into Microsoft Visual Studio utilities. Microsoft clarified that SesameOp does not exploit any vulnerability in OpenAI's platform; it misuses existing API functionality, and the Assistants API itself is scheduled for deprecation in August 2026. Mitigations recommended by Microsoft include auditing firewall logs for unexpected outbound connections, enabling tamper protection, and running endpoint detection in block mode so that such malware is stopped rather than only reported.
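As an added example of the firewall-log audit Microsoft recommends (this is illustrative code, not Microsoft's or OpenAI's tooling), the script below scans constructed proxy/firewall log rows for hosts and processes that talk to api.openai.com without being on an allowlist; the log column layout, host names and process names are assumptions, not data from the incident.

```python
"""Hunt firewall/proxy logs for sources reaching api.openai.com that have no business doing so."""
import csv
import io
from collections import Counter

# Constructed sample rows in an assumed "timestamp,src_host,process,dst_host,bytes_out" layout.
# Real products use other formats; adapt parse_log() to yours.
SAMPLE_LOG = """\
2025-07-14T09:02:11Z,dev-ws-01,code.exe,api.openai.com,1843
2025-07-14T09:02:15Z,dev-ws-01,code.exe,api.openai.com,2210
2025-07-14T09:05:40Z,build-srv-07,vshelper.exe,api.openai.com,512
2025-07-14T09:06:02Z,build-srv-07,vshelper.exe,api.openai.com,498
2025-07-14T09:06:30Z,build-srv-07,vshelper.exe,api.openai.com,523
2025-07-14T09:10:00Z,fin-ws-22,outlook.exe,login.microsoftonline.com,901
"""

OPENAI_API_HOST = "api.openai.com"
# Hosts and processes expected to call the OpenAI API in this hypothetical environment.
EXPECTED_HOSTS = {"dev-ws-01"}
EXPECTED_PROCESSES = {"code.exe", "python.exe"}


def parse_log(text):
    """Parse the constructed CSV log text into a list of dict rows."""
    fields = ["ts", "src_host", "process", "dst_host", "bytes_out"]
    return list(csv.DictReader(io.StringIO(text), fieldnames=fields))


def find_suspicious_openai_traffic(rows):
    """Return {(src_host, process): connection_count} for OpenAI API traffic
    from any source where the host or the process is not allowlisted."""
    hits = Counter()
    for r in rows:
        if r["dst_host"] != OPENAI_API_HOST:
            continue
        if r["src_host"] in EXPECTED_HOSTS and r["process"] in EXPECTED_PROCESSES:
            continue
        hits[(r["src_host"], r["process"])] += 1
    return dict(hits)


if __name__ == "__main__":
    for (host, proc), n in find_suspicious_openai_traffic(parse_log(SAMPLE_LOG)).items():
        print(f"{host} / {proc}: {n} connections to {OPENAI_API_HOST} - review this host")
```

A hit is a lead for triage, not a verdict: an unlisted developer tool may be legitimate, so pair the result with endpoint telemetry for the flagged process before acting.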