AI-Generated Code and Fake Apps Used for Far-Reaching Attacks

Description

A new malware campaign called EvilAI is spreading globally by disguising itself as legitimate AI-enhanced productivity tools. The malware uses AI-generated code and professional interfaces to evade detection, targeting organizations across sectors like manufacturing, government, and healthcare. It exploits Node.js to execute malicious JavaScript, establishes persistence through scheduled tasks and registry modifications, and communicates with command-and-control servers using encrypted channels. EvilAI enumerates installed software, terminates browser processes, and duplicates credential data. It employs sophisticated obfuscation and anti-analysis techniques to hinder reverse engineering. The malware acts as an initial access vector, potentially deploying additional payloads. This campaign highlights how AI is being weaponized to create increasingly stealthy and adaptive malware threats.