Security Affairs reports that the AsyncRAT malware has been distributed through a dropper created with generative artificial intelligence as part of a phishing campaign discovered in June.
Attackers used HTML smuggling to stealthily deliver invoice-themed phishing lures with an encrypted HTML attachment, which, when decrypted, triggers a VBScript dropper that deploys a JavaScript file before delivering AsyncRAT, an analysis from HP Wolf Security revealed. Further examination of the VBScript and JavaScript showed a lack of code obfuscation and the presence of attacker comments, both of which are rare in malware code, indicating that generative AI was likely used to create the scripts.
"The scripts’ structure, comments, and choice of function names and variables were strong clues that the threat actor used GenAI to create the malware. The activity shows how GenAI is accelerating attacks and lowering the bar for cybercriminals to infect endpoints," said the report.