AI-Generated Code and Fake Apps Used for Far-Reaching Attacks

A new malware campaign called EvilAI is spreading globally by disguising itself as legitimate AI-enhanced productivity tools. The malware uses AI-generated code and professional-looking interfaces to evade detection, and targets organizations across sectors including manufacturing, government, and healthcare. It uses Node.js to execute malicious JavaScript, establishes persistence through scheduled tasks and registry modifications, and communicates with command-and-control servers over encrypted channels. EvilAI enumerates installed software, terminates browser processes, and copies credential data. It employs obfuscation and anti-analysis techniques to hinder reverse engineering. The malware serves as an initial access vector and may deploy additional payloads. The campaign shows how AI is being used to create increasingly stealthy and adaptive malware.

Author: AlienVault

Related Tags:
fake applications

ai-generated code

EvilAI

node.js

Financial Services

T1059.007 (Command and Scripting Interpreter: JavaScript)

T1573.001 (Encrypted Channel: Symmetric Cryptography)

British Indian Ocean Territory

T1027.002 (Obfuscated Files or Information: Software Packing)

Associated Indicators:

SHA-256:

95001359FB671D0E6D97F37BD92642CC993E517D2307F373BFA9893639F1A2BC

9F369E63B773C06588331846DD247E48C4030183DF191BC53D341FCC3BE68851

49A4442E73521ECCA8E56EB6DBC33F31EB7CFA5E62A499E552BCD29A29D79D8A

AD0655B17BBDBD8A7430485A10681452BE94F5E6C9C26B8F92E4FCBA291C225A

8ECD3C8C126BE7128BF654456D171284F03E4F212C27E1B33F875B8907A7BC65

CF45AB681822D0A4F3916DA00ABD63774DA58EB7E7BE756FB6EC99C2C8CCA815

SHA-1:

A93907E77340E4AADCC66E1AFB9D342789F0CBD1

42C1F090BEEBA928F1BE0160B52CE60DFD7424EC

8B15F1CDE7DA921E10B47A8B3771E5EA83A42733
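The following is an added triage helper, not code from the pulse or from AlienVault. It takes the indicator list above, splits it into SHA-256 and SHA-1 sets by digest length, sweeps a directory tree for matching files, and applies a simple autorun heuristic for the Node.js-based persistence the summary describes (node launching a .js script from a user-writable path). The heuristic pattern, the sample file contents and the command lines in demo() are constructed assumptions for illustration; none of them come from the pulse.

```python
# Added example (not part of the pulse): triage helper for the EvilAI indicators above.
import hashlib
import os
import re
import tempfile

# Hashes copied verbatim from the pulse's indicator list.
PULSE_INDICATORS = [
    "95001359FB671D0E6D97F37BD92642CC993E517D2307F373BFA9893639F1A2BC",
    "9F369E63B773C06588331846DD247E48C4030183DF191BC53D341FCC3BE68851",
    "49A4442E73521ECCA8E56EB6DBC33F31EB7CFA5E62A499E552BCD29A29D79D8A",
    "AD0655B17BBDBD8A7430485A10681452BE94F5E6C9C26B8F92E4FCBA291C225A",
    "8ECD3C8C126BE7128BF654456D171284F03E4F212C27E1B33F875B8907A7BC65",
    "CF45AB681822D0A4F3916DA00ABD63774DA58EB7E7BE756FB6EC99C2C8CCA815",
    "A93907E77340E4AADCC66E1AFB9D342789F0CBD1",
    "42C1F090BEEBA928F1BE0160B52CE60DFD7424EC",
    "8B15F1CDE7DA921E10B47A8B3771E5EA83A42733",
]


def classify_hashes(indicators):
    """Split a mixed indicator list into SHA-256 and SHA-1 sets by digest length."""
    sha256, sha1 = set(), set()
    for ioc in indicators:
        h = ioc.strip().lower()
        if re.fullmatch(r"[0-9a-f]{64}", h):
            sha256.add(h)
        elif re.fullmatch(r"[0-9a-f]{40}", h):
            sha1.add(h)
        else:
            raise ValueError(f"not a SHA-1 or SHA-256 hex digest: {ioc!r}")
    return sha256, sha1


def hash_file(path):
    """Return (sha256, sha1) hex digests of a file, streaming so large installers are fine."""
    h256, h1 = hashlib.sha256(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h256.update(chunk)
            h1.update(chunk)
    return h256.hexdigest(), h1.hexdigest()


def scan_tree(root, sha256, sha1):
    """Walk a directory and return [(path, sha256)] for files matching either indicator set."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                d256, d1 = hash_file(path)
            except OSError:
                continue  # unreadable or vanished file; skip rather than abort the sweep
            if d256 in sha256 or d1 in sha1:
                hits.append((path, d256))
    return hits


# Persistence heuristic. This pattern is an assumption for illustration, not from the pulse:
# the summary only says the malware runs JavaScript via Node.js and persists through
# scheduled tasks and registry entries, so we flag autoruns that launch node with a .js
# script from a user-writable location.
NODE_JS_LAUNCH = re.compile(r"(?i)\bnode(?:\.exe)?\b.*\.js\b")
USER_WRITABLE = re.compile(r"(?i)\\(?:AppData|Temp|ProgramData|Users\\Public)\\")


def suspicious_node_launch(cmdline):
    """True when an autorun command line runs node on a .js file from a user-writable path."""
    return bool(NODE_JS_LAUNCH.search(cmdline) and USER_WRITABLE.search(cmdline))


def demo():
    """Self-contained run on constructed data: no real EvilAI sample is needed."""
    sha256, sha1 = classify_hashes(PULSE_INDICATORS)
    with tempfile.TemporaryDirectory() as tmp:
        benign = os.path.join(tmp, "notes.txt")
        with open(benign, "wb") as f:
            f.write(b"constructed benign file\n")
        sample = os.path.join(tmp, "AppData", "Roaming", "ai-tool", "app.js")
        os.makedirs(os.path.dirname(sample))
        with open(sample, "wb") as f:
            f.write(b"// constructed stand-in, not the real payload\n")
        # Add the stand-in's own digest so the scan has something to hit.
        sha256 = sha256 | {hash_file(sample)[0]}
        hits = scan_tree(tmp, sha256, sha1)
    # Constructed autorun command lines: one from a user profile, one from Program Files.
    autoruns = [
        r"C:\Users\alice\AppData\Roaming\AIHelper\node.exe C:\Users\alice\AppData\Roaming\AIHelper\app.js",
        r"C:\Program Files\nodejs\node.exe C:\Program Files\MyCorp\service.js",
    ]
    return {
        "sha256_iocs": len(classify_hashes(PULSE_INDICATORS)[0]),
        "sha1_iocs": len(sha1),
        "hit_names": [os.path.basename(p) for p, _ in hits],
        "flagged": [suspicious_node_launch(c) for c in autoruns],
    }


if __name__ == "__main__":
    print(demo())
```

Point scan_tree at download folders and user profiles on a suspect host; hash matches are high-confidence, while the node-launch heuristic is only a lead and will need tuning against whatever legitimate Electron or Node tooling is deployed in your environment.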