AI-Generated Malware Found in the Wild


HP has intercepted an email campaign comprising a standard malware payload delivered by an AI-generated dropper. The use of gen-AI on the dropper is almost certainly an evolutionary step toward genuinely new AI-generated malware payloads.

In June 2024, HP discovered a phishing email with the common invoice-themed lure and an encrypted HTML attachment; that is, HTML smuggling to avoid detection. Nothing new here – except, perhaps, the encryption. Usually, the phisher sends a ready-encrypted archive file to the target. “In this case,” explained Patrick Schlapfer, principal threat researcher at HP, “the attacker implemented the AES decryption key in JavaScript within the attachment. That’s not common and is the primary reason we took a closer look.” HP has now reported on that closer look.
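The unusual detail above, a decryption key shipped inside the attachment's own JavaScript, is something a mail gateway can look for. The following is an added example, not HP's detection logic: a heuristic scanner that pulls the inline script out of an HTML attachment and counts smuggling indicators (an AES decrypt call, a hardcoded key literal, base64 decoding, Blob-to-download plumbing, a large opaque literal). The indicator patterns, the threshold and both sample documents are this example's own assumptions.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators of HTML smuggling with an embedded decryption key. These patterns
# and the threshold are assumptions for this example, not HP's detection rules.
INDICATORS = {
    "aes_decrypt_call": re.compile(r"\bAES\.decrypt\s*\(", re.I),
    "hardcoded_key": re.compile(r"\b(?:key|passphrase|secret)\s*=\s*['\"][^'\"]{8,}['\"]", re.I),
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_to_file": re.compile(r"new\s+Blob\s*\(|createObjectURL\s*\(|msSaveOrOpenBlob"),
    "forced_download": re.compile(r"\.download\s*=|\bdownload\s*=\s*['\"]"),
    "large_opaque_literal": re.compile(r"['\"][A-Za-z0-9+/]{400,}={0,2}['\"]"),
}
THRESHOLD = 3  # distinct indicators needed before the attachment is flagged

class _ScriptCollector(HTMLParser):
    # Smuggling logic lives in inline <script> bodies, so only those are scanned.
    def __init__(self):
        super().__init__()
        self._in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def scan_html_attachment(html):
    """Return (flagged, sorted indicator names) for one HTML attachment body."""
    parser = _ScriptCollector()
    parser.feed(html)
    js = "\n".join(parser.scripts)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(js))
    return len(hits) >= THRESHOLD, hits

# Constructed sample: an "invoice" page whose script decrypts an embedded blob with a
# hardcoded key and forces a download. The blob is filler text, not real ciphertext.
SMUGGLING_SAMPLE = """<html><body><h1>Invoice</h1><script>
var key = "ConstructedExampleKey123";
var blob = "%s";
var bytes = atob(CryptoJS.AES.decrypt(blob, key).toString(CryptoJS.enc.Latin1));
var a = document.createElement("a");
a.href = URL.createObjectURL(new Blob([bytes], {type: "application/zip"}));
a.download = "Invoice.zip"; a.click();
</script></body></html>""" % ("Q" * 480)
BENIGN_SAMPLE = '<html><body><h1>Invoice</h1><script>document.title = "Invoice";</script></body></html>'
```

Running `scan_html_attachment` over the two samples flags the smuggling page on all six indicators and passes the benign invoice page with none.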

The decrypted attachment opens with the appearance of a website but contains a VBScript and the freely available AsyncRAT infostealer. The VBScript is the dropper for the infostealer payload. It writes various variables to the Registry; it drops a JavaScript file into the user directory, which is then executed as a scheduled task. A PowerShell script is created, and this ultimately causes execution of the AsyncRAT payload.

AI-created malware

All of this is fairly standard but for one aspect. “The VBScript was neatly structured, and every important command was commented. That’s unusual,” added Schlapfer. Malware is usually obfuscated and contains no comments. This was the opposite. It was also written in French, which works but is not the general language of choice for malware writers. Clues like these made the researchers consider that the script was not written by a human, but for a human by gen-AI.

They tested this theory by using their own gen-AI to produce a script, with very similar structure and comments. While the result is not absolute proof, the researchers are confident that this dropper malware was produced via gen-AI.

But it’s still a bit strange. Why was it not obfuscated? Why did the attacker not remove the comments? Was the encryption also implemented with the help of AI? The answer may lie in the common view of the AI threat – it lowers the barrier to entry for malicious newcomers.

“Usually,” explained Alex Holland, co-lead principal threat researcher with Schlapfer, “when we assess an attack, we examine the skills and resources required. In this case, there are minimal necessary resources. The payload, AsyncRAT, is freely available. HTML smuggling requires no programming expertise. There is no infrastructure, beyond one C&C server to control the infostealer. The malware is basic and not obfuscated. In short, this is a low grade attack.”

This conclusion strengthens the possibility that the attacker is a newcomer using gen-AI, and that perhaps it is because he or she is a newcomer that the AI-generated script was left unobfuscated and fully commented. Without the comments, it would be almost impossible to say whether the script was AI-generated.

This raises a second question. If we assume that this malware was generated by an inexperienced adversary who left clues to the use of AI, could AI already be in wider use by more seasoned adversaries who wouldn’t leave such clues? It’s possible. In fact, it’s likely – but it is largely undetectable and unprovable.


“We’ve known for some time that gen-AI could be used to generate malware,” said Holland. “But we haven’t seen any definitive proof. Now we have a data point telling us that criminals are using AI in anger in the wild.” It’s another step on the path toward what is expected: new AI-generated payloads beyond just droppers.

“I think it is very difficult to predict how long this will take,” continued Holland. “But given how quickly the capability of gen-AI technology is growing, it’s not a long term trend. If I had to put a date to it, it will certainly happen within the next couple of years.”

With apologies to the 1956 movie ‘Invasion of the Body Snatchers’, we’re on the verge of saying, “They’re here already! You’re next! You’re next!”
