    EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

By Techurz, September 29, 2025 (updated May 10, 2026)
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to quietly deliver malware that positions them for follow-on attacks on organizations worldwide.

    According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.

Manufacturing, government, healthcare, technology, and retail are some of the top sectors affected by the attacks, with India, the U.S., France, Italy, Brazil, Germany, the U.K., Norway, Spain, and Canada emerging as the countries with the most infections, indicating a global spread.

    “This swift, widespread distribution across multiple regions strongly indicates that EvilAI is not an isolated incident but rather an active and evolving campaign currently circulating in the wild,” security researchers Jeffrey Francis Bonaobra, Joshua Aquino, Emmanuel Panopio, Emmanuel Roll, Joshua Lijandro Tsang, Armando Nathaniel Pedragoza, Melvin Singwa, Mohammed Malubay, and Marco Dela Vega said.

Trend Micro has codenamed the campaign EvilAI and describes the attackers behind it as “highly capable,” owing to their ability to blur the line between authentic and deceptive software for malware distribution and to conceal malicious features inside otherwise functional applications.

    Some of the programs distributed using the method include AppSuite, Epi Browser, JustAskJacky, Manual Finder, OneStart, PDF Editor, Recipe Lister, and Tampered Chef. Some aspects of the campaign were documented in detail by Expel, G DATA, and TRUESEC last month.

What’s significant about the campaign is the lengths to which the attackers have gone to make these apps appear authentic and then carry out a slew of nefarious activities in the background once installed, without raising any red flags. The deception is further enhanced by the use of code-signing certificates issued to disposable companies, with the attackers rotating to fresh certificates as older signatures are revoked.

    “EvilAI disguises itself as productivity or AI-enhanced tools, with professional-looking interfaces and valid digital signatures that make it difficult for users and security tools to distinguish it from legitimate software,” Trend Micro said.

    The end goal of the campaign is to conduct extensive reconnaissance, exfiltrate sensitive browser data, and maintain encrypted, real-time communication with its command-and-control (C2) servers using AES-encrypted channels to receive attacker commands and deploy additional payloads.

    It essentially makes use of several propagation methods, including using newly registered websites that mimic vendor portals, malicious ads, SEO manipulation, and promoted download links on forums and social media.

    EvilAI, per Trend Micro, is used as a stager, chiefly acting as a conduit to gain initial access, establish persistence, and prepare the infected system for additional payloads, while taking steps to enumerate installed security software and hinder analysis.

    “Rather than relying on obviously malicious files, these trojans mimic the appearance of real software to go unnoticed into both corporate and personal environments, often gaining persistent access before raising any suspicion,” the company said. “This dual-purpose approach ensures the user’s expectations are met, further lowering the chance of suspicion or investigation.”

Further analysis by G DATA has also determined that the threat actors behind OneStart, ManualFinder, and AppSuite are the same and that the server infrastructure used for distributing and configuring all these programs is shared.

    “They have been peddling malware disguised as games, print recipe, recipe finder, manual finder, and lately, adding the buzzword ‘AI’ to lure users,” security researcher Banu Ramakrishnan said.

    Expel said the developers behind AppSuite and PDF Editor campaigns have used at least 26 code-signing certificates issued for companies in Panama and Malaysia, among others, over the last seven years to make their software appear legitimate.

The cybersecurity company is tracking the malware signed using these certificates under the name BaoLoader, adding that it is distinct from TamperedChef on the basis of behavioral differences and differing certificate patterns.

    It’s worth noting that the name TamperedChef was first attributed to a malicious recipe application that’s configured to set up a stealthy communication channel with a remote server and receive commands that facilitate data theft.

    “TamperedChef used code-signing certificates issued to companies in Ukraine and Great Britain while BaoLoader consistently used certificates from Panama and Malaysia,” the company pointed out.

    And that’s not all. Field Effect and GuidePoint Security have since uncovered more digitally signed binaries that masquerade as calendar and image viewer tools, and make use of the NeutralinoJS desktop framework to execute arbitrary JavaScript code and siphon sensitive data.

    “The use of NeutralinoJS to execute JavaScript payloads and interact with native system APIs enabled covert file system access, process spawning, and network communication,” Field Effect said. “The malware’s use of Unicode homoglyphs to encode payloads within seemingly benign API responses allowed it to bypass string-based detection and signature matching.”
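As an added illustration of why homoglyph encoding defeats plain string matching (this is example code written for this article, not code from Trend Micro, Field Effect or the campaign): a small Python heuristic that flags tokens in an API response body that mix Unicode scripts, run over two constructed sample responses.

```python
import unicodedata

# Constructed sample API responses for this example (not real campaign data).
# The second swaps several Latin letters for Cyrillic look-alikes
# ('\u0430' for 'a', '\u0440' for 'p'), so a signature for the ASCII string
# "update available" no longer matches even though it renders identically.
SAMPLES = {
    "benign": '{"status":"ok","message":"update available"}',
    "suspicious": '{"status":"ok","message":"u\u0440d\u0430te \u0430v\u0430il\u0430ble"}',
}

SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN")


def script_of(ch):
    """Coarse script bucket for a letter, taken from its Unicode character name.
    Returns None for non-letters so they act as token separators."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in SCRIPTS:
        if name.startswith(script):
            return script
    return "OTHER"


def mixed_script_tokens(text):
    """Return (token, scripts) for every run of letters that mixes scripts.
    Ordinary English JSON never has Cyrillic letters inside a Latin word."""
    findings, token, scripts = [], [], set()
    for ch in text + " ":  # trailing space flushes the final token
        s = script_of(ch)
        if s is not None:
            token.append(ch)
            scripts.add(s)
            continue
        if len(scripts) > 1:
            findings.append(("".join(token), tuple(sorted(scripts))))
        token, scripts = [], set()
    return findings


def is_homoglyph_suspicious(text):
    """Verdict helper: any mixed-script token marks the response for review."""
    return len(mixed_script_tokens(text)) > 0


if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, is_homoglyph_suspicious(body), mixed_script_tokens(body))
```

The heuristic is deliberately narrow: it does not decode anything, it only surfaces responses whose text could not have been produced by a normal Latin-script API, which is the property a string-based signature misses.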

    The Canadian cybersecurity company said the presence of several code-signing publishers across multiple samples suggests either a shared malware-as-a-service provider or a code-signing marketplace that facilitates broad distribution.

    “The TamperedChef campaign illustrates how threat actors are evolving their delivery mechanisms by weaponizing potentially unwanted applications, abusing digital code signing, and deploying covert encoding techniques,” it said. “These tactics allow malware to masquerade as legitimate software, bypass endpoint defenses, and exploit user trust.”
