Threat Actors Weaponize AI Hype to Deliver AsyncRAT

Description

A sophisticated malware campaign exploits growing interest in artificial intelligence by distributing malicious files disguised as AI-related learning resources and technical guides. The attack employs an exceptionally complex multi-stage infection chain beginning with compressed archives containing LNK shortcuts and hidden PDF files. Through multiple layers of obfuscation involving PowerShell scripts, batch files, and AutoHotkey loaders, the campaign establishes persistent access and deploys two distinct .NET Remote Access Trojans including AsyncRAT. The intermediate scripts extensively use Simplified Chinese variable names and exhibit coding patterns suggesting AI-assisted development, with cultural references to Chinese mythology used as symbolic aliases for Windows API calls. The attack implements advanced techniques including process hollowing, reflective DLL injection, and scheduled task persistence while actively disabling Windows Defender exclusions to facilitate execution.