HP's Threat Insights Report reveals a concerning trend: cybercriminals are increasingly using generative AI to write malicious code, particularly targeting users with lower technical skills.

The phishing campaign specifically targeted French users, embedding a ZIP archive containing the malicious scripts.

Indicators of generative AI usage in the malware included well-commented functions and AI-like variable names, suggesting that even novice attackers could exploit these tools to develop sophisticated attacks.

Dr. Ian Pratt emphasizes the importance of a defense-in-depth strategy for businesses to mitigate common attack routes as these tactics evolve.

Researchers at HP Wolf Security discovered a specific campaign where generative AI was employed to create VBScript and JavaScript, facilitating the distribution of AsyncRAT, an open-source remote access trojan.

This AI-generated malware was delivered through a phishing email that featured an invoice-themed lure and an encrypted HTML attachment, which was intercepted in June 2024.

The ability to create malware using generative AI significantly lowers the barrier for entry for inexperienced threat actors, potentially leading to an increase in damaging cyberattacks.

In addition to AsyncRAT, cybercriminals are now embedding malware in SVG images, exploiting their automatic execution in browsers to install infostealer malware.

The report also highlights that archives remain the most popular delivery method for malware, with HTML smuggling techniques being employed to bypass security measures.

The lack of obfuscation and the presence of detailed comments in the malware code indicate an inexperienced attacker, further supporting the notion of generative AI's role in its development.

This incident marks a significant data point indicating the real-world application of generative AI in malware development, hinting at future advancements in AI-generated payloads.

Patrick Schläpfer, Principal Threat Researcher at HP, highlighted the rarity of evidence regarding AI's use by attackers, making these findings particularly significant.