Generative AI is here to stay, and it’schanging the game in cybercrime. One of its most dangerous uses? Makingphishing attacks look more convincing. Gone are the days of obvious spelling errorsand poorly written emails—now, cybercriminals use AI to create polished,professional-sounding emails that trick even the savviest recipients.
The Dropper: How AsyncRAT Makes ItsMove
In June 2024, a new phishing email wasspotted using a common trick—an invoice-themed lure. But this time, it carriedsomething much more dangerous: AsyncRAT malware. The malicious email containedan encrypted HTML attachment designed to slip past detection. What’sinteresting? The AES encryption key was hidden inside JavaScript within theattachment. Once decrypted, the attachment launched a website that secretlycontained VBScript, acting as a dropper to deliver AsyncRAT onto the victim'ssystem.
AI’s Role in Crafting Attacks
Here’s where things get more unsettling.When researchers analyzed the VBScript and JavaScript, they found clear signsthat Generative AI had been used to create these scripts. The kicker? Thecybercriminals even left comments in the code, something rarely done sincehackers typically try to make their malware as hard to analyze as possible.This just shows how AI is not only helping to increase the rate ofcyber-attacks but also making it easier for criminals to create and deploymalware.
Beating AI: How to Stay Ahead
As cybercriminals embrace AI, it’s criticalthat we up our defenses. Here’s how you can stay ahead:
• Multi-layeredSecurity: Use a combination of firewalls, IDS, and endpoint protection tocreate multiple barriers against attacks.
• PhishingAwareness Training: Keep employees updated on the latest phishing tactics andteach them how to spot and respond to suspicious emails.
• RegularUpdates & Patching: Ensure systems are always up to date, and patch anyvulnerabilities as soon as they’re discovered.
.png)
.png)