AI/ML, Malware, Threat Intelligence

Misconfigured Open WebUI leveraged for AI-based payload delivery


Artificial intelligence-generated malware has been launched against Windows and Linux systems through the exploitation of the popular self-hosted AI interface Open WebUI, according to SiliconANGLE.

Inadvertent exposure of an Open WebUI-based training system allowed threat actors to upload a nefarious obfuscated Python script that enabled command execution and additional payload delivery, a report from Sysdig's Threat Research Team revealed. On Windows systems, the attackers deployed malware facilitating credential theft, hardware discovery, and sandbox bypass, while on Linux systems they distributed the XMRig and T-Rex cryptominers for cryptojacking.

Despite the significant use of AI in the malicious script's code, Sysdig's runtime threat detection enabled real-time identification of miner communication protocols, domain lookups, and other suspicious activity via threat intelligence, YARA rules, and behavioral detections. Such findings, which show the increasing use of generative AI for malware development, should prompt the implementation of multilayer threat detection-integrated runtime security, said researchers.
