Infosecurity Magazine reports that an artificial intelligence-generated iteration of the Lcryx ransomware has been integrated into the newest version of the H2miner cryptomining botnet.
According to a report from FortiGuard Labs' FortiCNAPP team, H2miner operators may have made the move either to bolster earnings or to better conceal illicit activity. Additional analysis of the AI-generated Lcryx ransomware strain revealed significant vulnerabilities. Aside from having several functions repeated, the ransomware's script also had flawed encryption logic and malformed syntax, and it exhibited irrational behaviors. Researchers also discovered that the AI-generated Lcryx ransomware had an .onion address that did not follow Tor address specifications, as well as a malfunctioning antivirus deactivation feature. "The campaign reflects a broader trend: the commodification of cybercrime, where access to prebuilt tools, LLM-generated code, and cheap infrastructure lowers the barrier to entry, enabling even low-skill actors to launch high-impact campaigns," said researchers.
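An added example, not taken from the FortiGuard Labs report or the article: a format check against the Tor v3 .onion address specification, the kind of test that flags an address like the one the researchers describe when triaging a ransom note. The function names, the dummy key and the sample note are constructed for illustration; the check covers encoding, version and checksum only, not whether the key is a valid Ed25519 point.

```python
import base64
import hashlib
import re

# Any "<label>.onion" token, so malformed labels are reported rather than skipped.
ONION_TOKEN = re.compile(r"\b([A-Za-z0-9]+)\.onion\b")
VERSION = b"\x03"

def _checksum(pubkey: bytes) -> bytes:
    # Tor v3 spec: first two bytes of SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def encode_v3_onion(pubkey: bytes) -> str:
    """Build the 56-character label for a 32-byte public key (used for test data)."""
    return base64.b32encode(pubkey + _checksum(pubkey) + VERSION).decode().lower()

def is_valid_v3_onion(label: str) -> bool:
    """Format check: 56 base32 chars decoding to pubkey[32] || checksum[2] || version[1]."""
    label = label.lower()
    if not re.fullmatch(r"[a-z2-7]{56}", label):
        return False  # wrong length or characters outside the base32 alphabet
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == VERSION and checksum == _checksum(pubkey)

def triage_onion_addresses(text: str):
    """Return (label, passes_format_check) for every .onion token in text."""
    return [(m.group(1).lower(), is_valid_v3_onion(m.group(1)))
            for m in ONION_TOKEN.finditer(text)]

# Constructed sample: one well-formed label from a dummy key, one malformed label.
GOOD = encode_v3_onion(bytes(range(32)))
SAMPLE_NOTE = f"Pay at http://{GOOD}.onion/ or http://examplepaymentportal123.onion/"

if __name__ == "__main__":
    for label, ok in triage_onion_addresses(SAMPLE_NOTE):
        print(f"{label}.onion -> {'well-formed v3' if ok else 'does not follow v3 spec'}")
```

A label that fails this check cannot resolve to a hidden service, which is a useful triage signal that a ransom note's payment channel was never functional.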




