HP’s latest report shows how cybercriminals are leveraging AI to create malware.
HP’s latest Threat Insights report sheds light on how cybercriminals are using generative AI and taking advantage of new techniques to create malware and bypass security systems. The report uncovers the growing threat of AI-assisted attacks and highlights how attackers are embedding malicious code into files such as SVG images and distributing malware through polished malvertising campaigns. HP’s research team warns that these evolving methods are making it easier for cybercriminals to infect devices and steal sensitive information. Based on data from millions of endpoints running HP Wolf Security, the report provides a detailed overview of the latest cyber threats facing individuals and organizations today.
AI-assisted malware development
The report shows how generative AI (GenAI) is now being used to write sophisticated malware. Cybercriminals are leveraging GenAI not only to develop realistic phishing schemes, but also to create malicious code. HP’s research team identified a campaign that used GenAI to develop malware targeting French-speaking users. The malware was written in VBScript and JavaScript, with clear signs that GenAI helped create it, including well-documented code with comments explaining each function. The attack used the AsyncRAT infostealer, which allows hackers to monitor victims’ screens and keystrokes, demonstrating how AI is lowering the barrier for cybercriminals.
Malvertising leading to rogue PDF tools
One of the most alarming discoveries is the rapid rise of ChromeLoader campaigns that rely on malvertising. These campaigns use popular search terms to lure victims to websites offering legitimate-looking tools like PDF readers and converters. However, when users install these tools, they unwittingly download malicious MSI files embedded within the software. By using valid code-signing certificates, attackers bypass Windows security warnings, making it easy for malware to take control of users’ browsers and redirect search queries to malicious sites.
SVG images contain malware
Cybercriminals are also turning to Scalable Vector Graphics (SVG) images to hide malware. Unlike traditional image files, SVG images use an XML-based format in which JavaScript can be embedded. When victims open these seemingly innocent images, malicious code is executed in their browsers, installing infostealer malware. This approach highlights how attackers are diversifying their strategies, making it harder for victims to detect the threat.
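Because SVG is XML, a mail or upload filter can check an image for script-capable content before it reaches a browser. The scanner below is an added example, not code from HP's report; the function names, finding labels and sample documents are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

def local(name):
    """Strip the XML namespace from a tag or attribute name."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> list:
    """Return findings for script-capable content in an SVG document."""
    # Entity declarations are not needed in images and can be abused
    # against the XML parser itself, so refuse to parse them at all.
    if re.search(rb"<!ENTITY", data, re.I):
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = []
    for el in root.iter():
        name = local(el.tag)
        if name == "script":
            findings.append("script-element")
        elif name == "foreignobject":
            findings.append("foreignObject-element")  # can carry HTML
        for attr, value in el.attrib.items():
            a = local(attr)  # also normalises xlink:href to href
            if a.startswith("on"):  # onload, onclick, ...
                findings.append(f"event-handler:{a}")
            elif a == "href" and re.match(r"\s*javascript:", value, re.I):
                findings.append(f"script-href:{name}")
    return findings

# Constructed samples (not taken from the HP report); payloads are inert.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
          b'<script>/* placeholder */</script>'
          b'<a href="javascript:void(0)"><rect width="9" height="9"/></a>'
          b'</svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("active", ACTIVE)):
        print(label, scan_svg(sample))
```

Any finding is a reason to quarantine or sanitise the file rather than proof of malice, since some legitimate SVGs use foreignObject or event attributes.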
Diverse attack methods
HP’s report also notes a troubling trend in email security. At least 12% of email threats bypassed one or more email gateway scanners. Email attachments lead the way for malware delivery, with 61% of threats coming via attachments, followed by downloads from browsers (18%) and removable storage devices (21%). Archives, particularly ZIP files, were the most popular method of delivering malware, accounting for 39% of attacks.
As cybercriminals continue to improve their methods and take advantage of new technologies, HP advises individuals and organizations to remain vigilant and strengthen their cybersecurity defenses.