
AI-generated vibeware spread in new APT36 campaign


Pakistan-linked threat group APT36, also known as Transparent Tribe, has launched intrusions built on vibeware, sloppy AI-generated code, in a bid to compromise Indian government networks without triggering security alerts, HackRead reports.

After gaining initial access with fraudulent resume PDFs and Google Sheets used to host and distribute payloads, APT36 deployed the BackupSpy watcher tool, which scans fixed drives and USB devices ahead of subsequent vibeware delivery, according to Bitdefender analysts. Most of the injected tools functioned poorly; one lacked any destination for the data it exfiltrated. The LuminousCookie tool, however, was observed to successfully bypass Chrome's App-Bound Encryption in order to steal browser-stored credentials.

Aside from attempting to shift blame for the operation onto India, as suggested by the inclusion of the common Hindu name "Kumar" in the vibeware's code, APT36 also sought to conceal its activity by operating through a Discord server named after the protagonist of the popular anime Solo Leveling.
