AI Waifu RAT: A Ring3 malware-like RAT based on LLM manipulation is circulating in the wild

Sept. 1, 2025, 10:33 a.m.

Description

A niche LLM role-playing community is being targeted by a sophisticated social engineering attack disguised as an AI character enhancement tool. The 'AI Waifu RAT' is a Remote Access Trojan marketed as a feature allowing AI characters to interact with users' computers. The RAT, distributed under the guise of a research project, enables arbitrary code execution and file access on victims' machines. The attacker, posing as a CTF player, exploits community trust and curiosity about novel AI capabilities. The RAT's design allows for potential botnet control, third-party hijacking, and remote exploitation. The incident highlights the dangers of executing untrusted input and the importance of maintaining security vigilance even within trusted communities.

Date

  • Created: Sept. 1, 2025, 9:53 a.m.
  • Published: Sept. 1, 2025, 9:53 a.m.
  • Modified: Sept. 1, 2025, 10:33 a.m.

Indicators


Attack Patterns

  • AI Waifu RAT
  • KazePsi

Additional Information

  • Taiwan
  • China