CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

SesameOp malware leverages OpenAI Assistants API for command-and-control

First reported
Last updated
3 unique sources, 3 articles

Summary

Hide ▲

A new backdoor malware, SesameOp, uses the OpenAI Assistants API as a covert command-and-control channel. The malware was discovered during an investigation into a July 2025 cyberattack. It allowed attackers to gain persistent access to compromised environments and remotely manage backdoored devices for several months. The attackers leveraged legitimate cloud services, avoiding detection and traditional incident response measures. The malware employs a combination of symmetric and asymmetric encryption to secure communications. It uses a heavily obfuscated loader and a .NET-based backdoor deployed through .NET AppDomainManager injection into Microsoft Visual Studio utilities. The attack chain includes internal web shells and malicious processes designed for long-term espionage. The malware uses a loader component named "Netapi64.dll" and a .NET-based backdoor named "OpenAIAgent.Netapi64". The malware supports three types of values in the description field of the Assistants list retrieved from OpenAI: SLEEP, Payload, and Result. Microsoft and OpenAI collaborated to investigate the abuse of the API, leading to the disabling of the account and API key used in the attacks. The malware does not exploit a vulnerability in OpenAI's platform but misuses built-in capabilities of the Assistants API. The OpenAI Assistants API is scheduled for deprecation in August 2026 and will be replaced by a new Responses API.

Timeline

  1. 03.11.2025 20:35 3 articles · 7d ago

    SesameOp malware discovered using OpenAI Assistants API for command-and-control

    The malware leverages internal web shells and malicious processes for long-term persistence. The loader component Netapi64.dll is heavily obfuscated using Eazfuscator.NET. The loader is injected into Microsoft Visual Studio utilities via .NET AppDomainManager injection. The backdoor does not use OpenAI SDKs or model execution features, despite its name. The malware uses compression and encryption to hide communications and stay under the radar.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

AI-Powered Malware Families Deployed in the Wild

Google's Threat Intelligence Group (GTIG) has identified new malware families that leverage artificial intelligence (AI) and large language models (LLMs) for dynamic self-modification during execution. These malware families, including PromptFlux, PromptSteal, FruitShell, QuietVault, and PromptLock, demonstrate advanced capabilities for evading detection and maintaining persistence. PromptFlux, an experimental VBScript dropper, uses Google's LLM Gemini to generate obfuscated VBScript variants and evade antivirus software. It attempts persistence via Startup folder entries and spreads laterally on removable drives and mapped network shares. The malware is under development or testing phase and is assessed to be financially motivated. PromptSteal is a data miner written in Python that queries the LLM Qwen2.5-Coder-32B-Instruct to generate one-line Windows commands to collect information and documents in specific folders and send the data to a command-and-control (C2) server. It is used by the Russian state-sponsored actor APT28 in attacks targeting Ukraine. The use of AI in malware enables adversaries to create more versatile and adaptive threats, posing significant challenges for cybersecurity defenses. Various threat actors, including those from China, Iran, and North Korea, have been observed abusing AI models like Gemini across different stages of the attack lifecycle. The underground market for AI-powered cybercrime tools is also growing, with offerings ranging from deepfake generation to malware development and vulnerability exploitation.

Open in new tab

Airstalk Malware Linked to Supply Chain Attack

A new malware called Airstalk has been identified in a suspected supply chain attack. The malware exploits the AirWatch API for mobile device management (MDM) to establish a covert command-and-control (C2) channel. It is distributed by a nation-state threat actor tracked as CL-STA-1009. Airstalk can capture screenshots, harvest browser data, and exfiltrate files. The malware is available in PowerShell and .NET variants, with the latter being more advanced. The attack may target the business process outsourcing (BPO) sector. Airstalk uses a multi-threaded C2 communication protocol and supports various actions, including taking screenshots, harvesting browser data, and uninstalling itself. The .NET variant targets additional browsers and includes more sophisticated features. The malware's distribution method and specific targets remain unknown, but the use of MDM-related APIs suggests a supply chain attack.

Open in new tab

Increased Botnet Activity Targeting PHP Servers, IoT Devices, and Cloud Gateways

Botnets such as Mirai, Gafgyt, and Mozi are exploiting known vulnerabilities and cloud misconfigurations to target PHP servers, IoT devices, and cloud gateways. This trend is driven by the widespread use of PHP in web applications and the prevalence of cloud misconfigurations, which expand the attack surface. The attacks aim at remote code execution (RCE) and data theft. The vulnerabilities exploited include CVE-2022-47945 in ThinkPHP, CVE-2021-3129 in Laravel Ignition, and CVE-2017-9841 in PHPUnit. Additionally, insecure configurations and exposed AWS credentials are being targeted. IoT devices with outdated firmware and cloud-native environments are also at risk, with botnets being used for credential stuffing and password spraying campaigns. Xdebug debugging sessions are being exploited to gain insight into application behavior or extract sensitive data. The scanning activity often originates from cloud infrastructures like Amazon Web Services (AWS), Google Cloud, Microsoft Azure, Digital Ocean, and Akamai Cloud, illustrating how threat actors are abusing legitimate services to their advantage while obscuring their true origins.

Open in new tab

Critical WSUS RCE Vulnerability Exploited in the Wild

A critical remote code execution (RCE) vulnerability (CVE-2025-59287) in Windows Server Update Service (WSUS) is being actively exploited in the wild. The flaw allows attackers to run malicious code with SYSTEM privileges on Windows servers with the WSUS Server role enabled. Microsoft has released out-of-band patches for all affected Windows Server versions. Cybersecurity firms have observed exploitation attempts and the presence of publicly available proof-of-concept exploit code. The vulnerability is considered potentially wormable between WSUS servers and poses a significant risk to organizations. The flaw concerns a case of deserialization of untrusted data in WSUS. The vulnerability was discovered and reported by security researchers MEOW, f7d8c52bec79e42795cf15888b85cbad, and Markus Wulftange with CODE WHITE GmbH. CISA and NSA, along with international partners, have issued guidance to secure Microsoft Exchange Server instances, including recommendations to restrict administrative access, implement multi-factor authentication, and enforce strict transport security configurations. The agencies advise decommissioning end-of-life on-premises or hybrid Exchange servers after transitioning to Microsoft 365. Sophos reported threat actors exploiting the vulnerability to harvest sensitive data from U.S. organizations across various industries, with at least 50 victims identified. The exploitation activity was first detected on October 24, 2025, a day after Microsoft issued the update. Attackers use Base64-encoded PowerShell commands to exfiltrate data to a webhook[.]site endpoint. Michael Haag of Splunk noted an alternate attack chain involving the Microsoft Management Console binary (mmc.exe) to trigger cmd.exe execution.

Open in new tab

CABINETRAT Backdoor Deployed via XLL Add-ins in Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has identified a new targeted cyber attack campaign using the CABINETRAT backdoor. The campaign, attributed to the threat cluster UAC-0245, involves the distribution of malicious XLL add-ins via Signal messaging app. These add-ins, disguised as legitimate documents, are used to deploy the CABINETRAT backdoor, which gathers system information and executes commands on compromised hosts. The attack was observed in September 2025, with the malicious files distributed within ZIP archives shared on the Signal messaging app. The XLL files create multiple executables and registry modifications to ensure persistence and evade detection. The backdoor communicates with a remote server over a TCP connection.

Open in new tab