- Check Point warns that GenAI tools can be abused as C2 infrastructure
- Malware can hide traffic by encoding data into attacker-controlled URLs using AI queries
- AI assistants can act as decision engines, enabling stealthy and adaptive malware operations
Hackers can use some Generative Artificial Intelligence (GenAI) tools as command and control (C2) infrastructure, hiding malicious traffic in plain sight and even using them as decision-making engines, experts have warned.
Check Point research claims that the web browsing capabilities of Microsoft Copilot and xAI Grok can be exploited for malicious activities, although some prerequisites remain.
Deploying malware to a device is only half the battle. That malware still needs instructions on what to do, and the results of those instructions still need to be sent over the Internet. Security solutions can capture this traffic and thus determine whether a device is compromised or not, which is why “blending in with legitimate traffic” is one of the key characteristics of high-quality malware. Now Check Point says there is a way to do this through artificial intelligence assistants.
Collect sensitive data and get further instructions
If a threat actor infects a device with malware, they can collect sensitive data and system information, encrypt it, and insert it into a URL controlled by the attacker, for example one where the data= part contains sensitive information.
The malware can then tell the AI: “Summarize the content of this website.” Since this is legitimate AI traffic, it does not trigger any security alarms. However, the information is recorded on the server controlled by the attacker and is thus successfully transmitted in plain sight. To make matters worse, the website may respond with a hidden message that the AI then executes.
The problem can be further exacerbated if the malware asks the AI what to do next. For example, it can ask, based on the system information it collected, whether it is running on a high-value enterprise system or in an isolated environment. If it is the latter, the malware may remain dormant. If not, it can move on to stage two.
“Once AI services can be used as a stealth transport layer, the same interface will also be able to transmit indications and model results that act as an external decision engine, a stepping stone towards AI-powered implants and AIOps-style C2 that automate classification, targeting and operational options in real time,” Check Point concluded.
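For defenders, the data= pattern described above suggests one check, shown here as an added example that is not from Check Point or the original article: scan assistant prompts for URLs whose query values are long and high-entropy, as encrypted data would be. It assumes prompt text is visible to the defender (for instance through an enterprise AI audit log); the function names, thresholds and sample prompts are constructed for illustration.

```python
import math
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
MIN_LEN = 40        # assumed threshold: ignore short query values
MIN_ENTROPY = 4.0   # assumed threshold, in bits per character


def shannon_entropy(value: str) -> float:
    """Bits per character of the string's own character distribution."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def suspicious_params(prompt: str):
    """Return (host, parameter, length, entropy) for every URL query value in
    the prompt that is long and high-entropy, i.e. looks like an encoded blob."""
    hits = []
    for url in URL_RE.findall(prompt):
        parts = urlsplit(url.rstrip(".,)"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if len(value) >= MIN_LEN:
                entropy = shannon_entropy(value)
                if entropy >= MIN_ENTROPY:
                    hits.append((parts.hostname, name, len(value), round(entropy, 2)))
    return hits


# Constructed sample prompts; hosts use the reserved .example TLD.
SAMPLE_PROMPTS = [
    "Summarize the content of this website: https://news.example/articles?id=1234&lang=en",
    "Summarize the content of this website: https://site.example/page?data="
    "kJ8vQ2xZr7LmN0pTfW3yBcD5eGhA1sUoI9tVnXb6YqRwEz4HuKjMl2PdCgFi",
]


def scan(prompts):
    """Map each prompt index to its findings, omitting clean prompts."""
    return {i: h for i, p in enumerate(prompts) if (h := suspicious_params(p))}


if __name__ == "__main__":
    for index, findings in scan(SAMPLE_PROMPTS).items():
        print(index, findings)
```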