As reported by Bleeping Computer, a new malware strain named Slopoly, believed to be developed using generative AI tools, has been identified as a component in recent Interlock ransomware attacks. This backdoor allowed attackers to maintain access to compromised servers for over a week, facilitating significant data exfiltration.

The attack chain begins with the social engineering tactic known as ClickFix. Once inside a system, threat actors deploy Slopoly as a PowerShell script, functioning as a client for a command-and-control (C2) framework. IBM X-Force researchers noted unusual code structure, extensive comments, and well-defined variables, suggesting AI assistance in its creation. While Slopoly itself is not highly sophisticated, its use by the financially motivated Hive0163 group highlights the growing trend of AI accelerating custom malware development to evade detection.

The malware collects system information, executes commands remotely, and establishes persistence through scheduled tasks. In observed attacks, Slopoly was deployed alongside other backdoors like NodeSnake and InterlockRAT, culminating in the Interlock ransomware payload.

Source: Bleeping Computer
Malware, Ransomware, AI/ML
AI-generated malware Slopoly used in Interlock ransomware attacks




