AI-Enhanced Malware Campaign Targeting Multiple Sectors
Summary
Hide ▲
Show ▼
The AI-enhanced malware campaign, dubbed EvilAI, continues to target organizations globally, with infections confirmed in multiple regions including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region. The malware, disguised as legitimate productivity and AI-enhanced apps, has infected hundreds of victims across manufacturing, government, healthcare, technology, and retail sectors. The campaign uses various propagation methods, including newly registered websites, malicious ads, SEO manipulation, and promoted download links on forums and social media. The malware performs extensive reconnaissance, disables security products, and uses obfuscation techniques to avoid detection, acting as an initial access broker for future exploit activity. The campaign, first identified in September 2025, has been observed using AI tools to distribute malware. The malware is concealed within seemingly legitimate apps, leveraging digital signatures and realistic features to evade detection. The threat actors behind the campaign are highly capable, using sophisticated techniques to make the malware appear authentic. The malware uses NeutralinoJS to execute JavaScript code and siphon sensitive data, employing Unicode homoglyphs to bypass detection. The presence of multiple code-signing publishers suggests a shared malware-as-a-service provider or a code-signing marketplace.
Timeline
-
11.09.2025 21:37 2 articles · 18d ago
AI-Enhanced Malware Campaign Targeting Multiple Sectors
The malware campaign, dubbed EvilAI, has infected organizations in multiple regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region. The top affected sectors include manufacturing, government, healthcare, technology, and retail. The regions with the most infections include India, the U.S., France, Italy, Brazil, Germany, the U.K., Norway, Spain, and Canada. The malware uses various propagation methods, including newly registered websites that mimic vendor portals, malicious ads, SEO manipulation, and promoted download links on forums and social media. The malware is used as a stager to gain initial access, establish persistence, and prepare the infected system for additional payloads.
Show sources
- AI-Enhanced Malware Sports Super-Stealthy Tactics — www.darkreading.com — 11.09.2025 21:37
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
Information Snippets
-
The malware campaign, named EvilAI, targets multiple sectors including manufacturing, government, and healthcare.
First reported: 11.09.2025 21:372 sources, 2 articlesShow sources
- AI-Enhanced Malware Sports Super-Stealthy Tactics — www.darkreading.com — 11.09.2025 21:37
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The malware is disguised as legitimate productivity and AI-enhanced apps with names like App Suite, Epi Browser, Manual Finder, and Tampered Chef.
First reported: 11.09.2025 21:372 sources, 2 articlesShow sources
- AI-Enhanced Malware Sports Super-Stealthy Tactics — www.darkreading.com — 11.09.2025 21:37
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The apps feature professionally crafted user interfaces and real, working features to appear genuine.
First reported: 11.09.2025 21:372 sources, 2 articlesShow sources
- AI-Enhanced Malware Sports Super-Stealthy Tactics — www.darkreading.com — 11.09.2025 21:37
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The malware uses AI-generated code to evade antivirus and threat detection tools.
First reported: 11.09.2025 21:372 sources, 2 articlesShow sources
- AI-Enhanced Malware Sports Super-Stealthy Tactics — www.darkreading.com — 11.09.2025 21:37
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The threat actor uses digital signatures from newly registered entities to sign the malicious apps.
First reported: 11.09.2025 21:372 sources, 2 articlesShow sources
- AI-Enhanced Malware Sports Super-Stealthy Tactics — www.darkreading.com — 11.09.2025 21:37
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The malware performs extensive reconnaissance, disables security products, and uses obfuscation techniques.
First reported: 11.09.2025 21:372 sources, 2 articlesShow sources
- AI-Enhanced Malware Sports Super-Stealthy Tactics — www.darkreading.com — 11.09.2025 21:37
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The malware is believed to be setting the stage for future exploit activity, potentially acting as an initial access broker.
First reported: 11.09.2025 21:372 sources, 2 articlesShow sources
- AI-Enhanced Malware Sports Super-Stealthy Tactics — www.darkreading.com — 11.09.2025 21:37
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The malware campaign, dubbed EvilAI, has infected organizations in multiple regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The top affected sectors include manufacturing, government, healthcare, technology, and retail.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The regions with the most infections include India, the U.S., France, Italy, Brazil, Germany, the U.K., Norway, Spain, and Canada.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The malware uses newly registered websites that mimic vendor portals, malicious ads, SEO manipulation, and promoted download links on forums and social media for propagation.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The malware is used as a stager to gain initial access, establish persistence, and prepare the infected system for additional payloads.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The threat actors behind OneStart, ManualFinder, and AppSuite are the same, sharing server infrastructure for distribution and configuration.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The malware signed using code-signing certificates issued for companies in Panama and Malaysia is tracked under the name BaoLoader.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
TamperedChef and BaoLoader are different, with distinct behavioral differences and certificate patterns.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The malware uses NeutralinoJS to execute JavaScript code and siphon sensitive data, employing Unicode homoglyphs to bypass detection.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
-
The presence of multiple code-signing publishers suggests a shared malware-as-a-service provider or a code-signing marketplace.
First reported: 29.09.2025 19:361 source, 1 articleShow sources
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations — thehackernews.com — 29.09.2025 19:36
Similar Happenings
Oyster Malware Distributed via Fake Microsoft Teams Installers
A new malvertising campaign uses SEO poisoning to distribute fake Microsoft Teams installers that deploy the Oyster backdoor on Windows devices. The malware provides attackers with remote access to corporate networks, enabling command execution, payload deployment, and file transfers. The campaign targets users searching for 'Teams download,' leading them to a fake site that mimics Microsoft's official download page. The malicious installer, signed with legitimate certificates, drops a DLL into the %APPDATA%\Roaming folder and creates a scheduled task for persistence. The Oyster malware, also known as Broomstick and CleanUpLoader, has been linked to multiple campaigns and ransomware operations, such as Rhysida.
XCSSET macOS Malware Targets Xcode Developers with Enhanced Features
A new variant of the XCSSET macOS malware has been detected, targeting Xcode developers with enhanced features. This variant includes improved browser targeting, clipboard hijacking, and persistence mechanisms. The malware spreads by infecting Xcode projects, stealing cryptocurrency, and browser data from infected devices. The malware uses run-only compiled AppleScripts for stealthy execution and employs sophisticated encryption and obfuscation techniques. It incorporates new modules for data exfiltration, persistence, and clipboard monitoring. The malware has been observed in limited attacks, with Microsoft sharing findings with Apple and GitHub to mitigate the threat. Developers are advised to keep macOS and apps up to date and inspect Xcode projects before building them.
CISA Emergency Directive 25-03: Mitigation of Cisco ASA Zero-Day Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-03, mandating federal agencies to identify and mitigate zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) exploited by an advanced threat actor. The directive requires agencies to account for all affected devices, collect forensic data, and upgrade or disconnect end-of-support devices by September 26, 2025. The vulnerabilities allow threat actors to maintain persistence and gain network access. Cisco identified multiple zero-day vulnerabilities (CVE-2025-20333, CVE-2025-20362, CVE-2025-20363, and CVE-2025-20352) in Cisco ASA, Firewall Threat Defense (FTD) software, and Cisco IOS software. These vulnerabilities enable unauthenticated remote code execution, unauthorized access, and denial of service (DoS) attacks. GreyNoise detected large-scale campaigns targeting ASA login portals and Cisco IOS Telnet/SSH services, indicating potential exploitation of these vulnerabilities. The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution on ASAs, as well as manipulating read-only memory (ROM) to persist through reboot and system upgrade. CISA and Cisco linked these ongoing attacks to the ArcaneDoor campaign, which exploited two other ASA and FTD zero-days (CVE-2024-20353 and CVE-2024-20359) to breach government networks worldwide since November 2023. CISA ordered agencies to identify all Cisco ASA and Firepower appliances on their networks, disconnect all compromised devices from the network, and patch those that show no signs of malicious activity by 12 PM EDT on September 26. CISA also ordered that agencies must permanently disconnect ASA devices that are reaching the end of support by September 30 from their networks. The U.K. National Cyber Security Centre (NCSC) confirmed that threat actors exploited the recently disclosed security flaws in Cisco firewalls to deliver previously undocumented malware families like RayInitiator and LINE VIPER. Cisco began investigating attacks on multiple government agencies in May 2025, linked to the state-sponsored ArcaneDoor campaign. The attacks targeted Cisco ASA 5500-X Series devices to implant malware, execute commands, and potentially exfiltrate data. The threat actor modified ROMMON to facilitate persistence across reboots and software upgrades. The compromised devices include ASA 5500-X Series models running specific software releases with VPN web services enabled. The Canadian Centre for Cyber Security urged organizations to update to a fixed version of Cisco ASA and FTD products to counter the threat.
Brickstorm Malware Used in Long-Term Espionage Against U.S. Organizations
The UNC5221 activity cluster, attributed to suspected Chinese hackers, has been using the BRICKSTORM malware in long-term espionage operations against U.S. organizations in the technology, legal, SaaS, and BPO sectors. The malware, a Go-based backdoor, has been active for over a year, with an average dwell time of 393 days. It has been used to steal data from various sectors, including SaaS providers and BPOs. The attackers exploit vulnerabilities in edge devices and use anti-forensics techniques to avoid detection. The malware serves multiple functions, including web server, file manipulation, dropper, SOCKS relay, and shell command execution. It targets appliances without EDR support, such as VMware vCenter/ESXi, and uses legitimate traffic to mask its C2 communications. The attackers aim to exfiltrate emails and maintain stealth through various tactics, including removing the malware post-operation to hinder forensic investigations. The attackers use a malicious Java Servlet Filter (BRICKSTEAL) on vCenter to capture credentials, and clone Windows Server VMs to extract secrets. The stolen credentials are used for lateral movement and persistence, including enabling SSH on ESXi and modifying startup scripts. The malware exfiltrates emails via Microsoft Entra ID Enterprise Apps, utilizing its SOCKS proxy to tunnel into internal systems and code repositories. UNC5221 focuses on developers, administrators, and individuals tied to China's economic and security interests. Mandiant has released a free scanner script to help defenders detect BRICKSTORM. The BRICKSTORM backdoor is under active development, with a variant featuring a delay timer for C2 communication. The attackers have exploited Ivanti Connect Secure zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) for initial access. The attackers have used a custom dropper to install a malicious Java Servlet filter (BRICKSTEAL) in memory, avoiding detection. The attackers have modified init.d, rc.local, or systemd files to ensure persistence on appliances. The attackers have targeted Windows environments in Europe since at least November 2022. The attackers have been linked to other related Chinese threat actors besides UNC5221. The campaign has been monitored by Mandiant since March 2025. The attackers have targeted downstream customers of compromised SaaS providers. The attackers are believed to be analyzing stolen source code to identify zero-day vulnerabilities in enterprise technologies. The attackers use a delay timer to lie dormant on infected systems until a hard-coded date. The malware employs Garble, an open-source tool, for code obfuscation to hide function names, structures, and logic. Brickstorm has been found on VMware vCenter and ESXi hosts, often deployed prior to pivoting to these systems. The attackers use legitimate cloud services like Cloudflare Workers or Heroku for C2 communications. The attackers use dynamic domains like sslip.io or nip.io that point directly to the C2 server’s IP. The attackers favor appliance and management-plane compromise, per-victim obfuscated Go binaries, delayed-start implants, and Web/DoH C2 to preserve stealth. The attackers harvest and use valid high-privilege credentials to appear as routine administrator tasks. The attackers deploy in-memory servlet filters, remove installer artifacts, and embed delayed-start logic to limit forensic traces. The attackers abuse virtualization management capabilities, such as cloning VMs to extract credential stores offline. The attackers deploy an in-memory Java Servlet filter on vCenter to intercept and decode web authentication to harvest high-privilege credentials. The attackers use a SOCKS proxy on compromised appliances to tunnel into internal networks for interactive access and file retrieval.
Exploitation of Ivanti EPMM Vulnerabilities (CVE-2025-4427, CVE-2025-4428) Leads to Malware Deployment
Two malware strains were discovered in an organization's network after attackers exploited two zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities, CVE-2025-4427 and CVE-2025-4428, allow for authentication bypass and remote code execution, respectively. Attackers used these flaws to gain access to the EPMM server, execute arbitrary code, and maintain persistence. The attack began around May 15, 2025, following the publication of a proof-of-concept exploit. The malware sets include loaders that enable arbitrary code execution and data exfiltration. The vulnerabilities affect Ivanti EPMM development branches 11.12.0.4, 12.3.0.1, 12.4.0.1, and 12.5.0.0 and their earlier releases. A China-nexus espionage group was leveraging the vulnerabilities since at least May 15, 2025. The threat actor targeted the /mifs/rs/api/v2/ endpoint with HTTP GET requests and used the ?format= parameter to send malicious remote commands. The malware sets include distinct loaders with the same name, and malicious listeners that allow injecting and running arbitrary code on the compromised system. The threat actor delivered the malware through separate HTTP GET requests in segmented, Base64-encoded chunks. Organizations are advised to update their EPMM instances, monitor for suspicious activity, and implement access restrictions to prevent unauthorized access to mobile device management systems.