Malware

Threat actor uses AI-generated malware in network intrusion

A threat actor has been caught using AI-generated malware in a real network intrusion, deploying a PowerShell script that was "vibe-coded" to map out an Active Directory environment, according to Huntress. The script was recovered and rebuilt from an incident on June 3, serving as a case study in how criminals are weaponizing AI, with further coverage provided by Infosecurity Magazine.

The AI-generated tool, titled "100% Working AD Information Gathering Script - FULLY FIXED," exhibited several hallmarks of LLM assistance, including a placeholder server name, over-engineering with multiple fallback methods, and a "pretty" console output using excessive colors, Huntress said. Once it located the domain controller, the script harvested Active Directory users, computers, groups, and trusts, compiling the data into spreadsheets and generating an HTML report. The intrusion itself followed a familiar pattern: the attacker used stolen credentials to log in via RDP, staged tools in a common Windows folder, and then ran the AI-generated script for network reconnaissance. Data exfiltration was handled using legitimate cloud tools.

The primary challenge for defenders is detection, as the unique, one-off nature of the AI-generated script renders traditional signature-based antivirus methods ineffective. This trend highlights the need for behavioral analytics to detect underlying malicious actions rather than relying on known malware signatures.

Source: Infosecurity Magazine

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds