Increase in Distribution of AutoIt Compile Malware via Phishing Emails

Description

The distribution of malware compiled with AutoIt has been rapidly increasing, surpassing .NET-type malware. AutoIt, a scripting language for Windows automation, is preferred due to its ease of compilation into EXE files and fewer dependencies. The trend began in August 2024, with AutoIt malware nearly matching .NET malware distribution by December. XLoader was the most distributed malware, followed by SnakeKeylogger, RedLine, AgentTesla, and RemcosRAT. The report discusses the structure of AutoIt executables, noting changes in how the script is included and encrypted in different versions. Three specific cases of AutoIt malware distribution are mentioned, highlighting the growing threat posed by this type of malware in phishing campaigns.