
Reblogged by keul@fosstodon.org ("Luca Fabbri"):
mikarv@someone.elses.computer ("Michael Veale") wrote:
Hewlett Packard report that they are spotting AI-generated malware in the wild, not through complex analysis or watermarking, but because… it is weirdly well-commented. https://threatresearch.ext.hp.com/wp-content/uploads/2024/09/HP_Wolf_Security_Threat_Insights_Report_September_2024.pdf
Attachments:
- Interestingly, when we analyzed the VBScript and the JavaScript, we were surprised to find that the code was not obfuscated. In fact, the attacker had left comments throughout the code, describing what each line does even for simple functions. Genuine code comments in malware are rare because attackers want to make their malware as difficult to understand as possible. Based on the scripts’ structure, consistent comments for each function and the choice of function names and variables, we think it’s highly likely that the attacker used GenAI to develop these scripts (T1588.007). The activity shows how GenAI is accelerating attacks and lowering the bar for cybercriminals to infect endpoints.
- Code with French language commentary for even simple functions, such as a sleep(5000) function annotated with ‘Pause pour permettre l'arrêt du processus’
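As an added illustration of the triage signal the report describes (this is not code from HP or from the post), the script below scores a JavaScript or VBScript sample by overall comment density and by how many function definitions carry a comment directly above them; the regex patterns, thresholds and the two sample scripts are assumptions constructed for the example.

```python
import re

# Whole-line comment and function-definition patterns for JavaScript and VBScript.
# Assumed patterns for triage only, not a parser of either language.
PATTERNS = {
    "js": (re.compile(r"^\s*//"), re.compile(r"^\s*(?:async\s+)?function\b")),
    "vbs": (re.compile(r"^\s*(?:'|Rem\b)", re.I),
            re.compile(r"^\s*(?:Public\s+|Private\s+)?(?:Function|Sub)\b", re.I)),
}

def comment_stats(source: str, lang: str) -> dict:
    """Count comment lines and function definitions that have a comment directly above."""
    is_comment, is_func = PATTERNS[lang]
    lines = [l for l in source.splitlines() if l.strip()]
    comments = funcs = commented_funcs = 0
    prev_was_comment = False
    for line in lines:
        if is_comment.match(line):
            comments += 1
            prev_was_comment = True
            continue
        if is_func.match(line):
            funcs += 1
            commented_funcs += prev_was_comment  # bool counts as 0/1
        prev_was_comment = False
    return {"comment_ratio": comments / len(lines) if lines else 0.0,
            "functions": funcs,
            "func_comment_ratio": commented_funcs / funcs if funcs else 0.0}

def looks_genai_commented(stats: dict, min_ratio=0.25, min_func_ratio=0.75, min_funcs=2) -> bool:
    """Triage rule: dense comments overall and a comment above nearly every function."""
    return (stats["functions"] >= min_funcs
            and stats["func_comment_ratio"] >= min_func_ratio
            and stats["comment_ratio"] >= min_ratio)

# Constructed sample echoing the report's description: French comments on trivial helpers.
SAMPLE_JS = """\
// Pause pour permettre l'arrêt du processus
function pause(ms) {
  // Attente active
  var start = new Date().getTime();
  while (new Date().getTime() - start < ms) {}
}
// Lit le chemin de configuration
function readConfig(path) {
  return path;
}
"""
# Constructed contrast: comment-free script in the style of a minified loader.
SAMPLE_JS_MINIFIED = "function a(b){return b}\nfunction c(d){return a(d)}\n"
```

The rule is a weak indicator for prioritising samples, not a classifier: legitimate scripts are often well commented, so it belongs alongside other heuristics rather than on its own.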