Symantec has recorded an increase in the number of attacks in which attackers use large language models (LLMs) to create malicious code. These models, originally designed to generate text, can also be used for illegal purposes.
In one recent campaign, attackers sent phishing emails with nested ZIP archives containing malicious LNK files. When launched, these files ran PowerShell scripts generated using an LLM, which led to the installation of malware.
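A mail or file gateway can flag the delivery pattern described above by unpacking attachments recursively and reporting any shortcut file it finds. The following is an added example, not code from Symantec or the original article; the depth and size limits and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

MAX_DEPTH = 4                          # assumed limit on archive nesting
MAX_MEMBER_BYTES = 20 * 1024 * 1024    # assumed per-member cap (zip-bomb guard)
LNK_MAGIC = b"\x4c\x00\x00\x00"        # HeaderSize field that starts every .lnk file


def find_lnk_in_zip(data, depth=0, prefix=""):
    """Return paths of LNK files inside a ZIP, descending into nested ZIPs."""
    hits = []
    if depth > MAX_DEPTH:
        return hits
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            try:
                body = archive.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile, zlib.error):
                continue  # encrypted, unsupported or corrupt member
            path = prefix + info.filename
            if info.filename.lower().endswith(".lnk") or body[:4] == LNK_MAGIC:
                hits.append(path)  # match by extension or by header bytes
            elif body[:4] == b"PK\x03\x04":
                hits.extend(find_lnk_in_zip(body, depth + 1, path + "!/"))
    return hits


def build_sample():
    """Constructed sample: outer ZIP -> inner ZIP -> placeholder LNK header."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.lnk", LNK_MAGIC + b"\x00" * 72)
        z.writestr("readme.txt", b"constructed benign text")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("documents.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(find_lnk_in_zip(build_sample()))
```

Checking the header bytes as well as the extension catches a shortcut that has been renamed inside the archive.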
In another attack, attackers used an LLM to generate HTML code that was executed when a malicious attachment was opened. This code downloaded additional payloads. The HTML file was small and loaded quickly, which made it harder to detect.
After opening the attachment, the user saw a simple web page, while the malware had already been launched in the background. This campaign used malware such as Dunihi, ModiLoader and LokiBot.
Thus, AI is capable of revolutionizing not only the world but also cybercrime. LLM tools lower the barrier to entry for attackers and raise their level of sophistication. Symantec continues to fight new threats, providing protection against attacks that were probably generated with LLMs.