In a sophisticated cyberattack campaign, the North Korean hacking group known as Konni has been distributing a new backdoor malware created with the help of generative artificial intelligence (AI) tools. According to Check Point Research, the group is targeting blockchain engineering teams with the aim of stealing sensitive information.
The Konni group, which has been active since 2014, launched this spear-phishing campaign in mid-January. Most of the incidents have been detected in Japan, Australia, and India. The attackers are using carefully crafted emails that appear to come from trusted platforms such as Google and Naver, bypassing security filters to deliver a malicious remote access trojan known as EndRAT.
AI-Powered Social Engineering
The phishing emails are disguised as financial alerts—such as fake transfer requests or confirmations—to trick recipients into clicking on malicious links. These links lead to a ZIP file that, when opened, reveals a Windows shortcut (LNK) designed to execute an AutoIt script masquerading as a PDF document.
The AutoIt script is, in fact, the EndRAT trojan. It launches a PowerShell loader that drops decoy Microsoft Word documents to hold the victim's attention. While the user is looking at the decoys, the backdoor silently installs itself, escalates privileges, and begins executing malicious actions on the system.
The backdoor also installs SimpleHelp, a legitimate remote monitoring and management tool, which is repurposed to establish persistence and communicate with an encrypted command-and-control (C2) server. This server periodically receives user metadata from the infected device, allowing the hackers to maintain long-term access.
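The delivery chain described above (a shortcut from an extracted ZIP, an AutoIt interpreter fed a "document", a hidden PowerShell loader, and a remote-management tool deployed by a scripting host) is unusual enough in normal endpoint telemetry to be hunted for. The script below is an added, defender-side example written for this article; it is not Check Point's code and not part of the campaign analysis. The event schema (pid, ppid, image, cmdline), the sample process records, all file paths and the installer name "simplehelp_setup.exe" are constructed for the example; the AutoIt interpreter names and the PowerShell switches are real, but the exact file names used in the campaign are not given in the article and are not assumed here.

```python
"""Hunt for the LNK -> AutoIt -> hidden PowerShell -> RMM chain in process telemetry.

Added example for the article above, not Check Point Research code.
Event fields are assumed to be Sysmon-like; sample records are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (assumed schema)."""
    pid: int
    ppid: int
    image: str     # executable file name, lower-cased by the log pipeline
    cmdline: str   # full command line as logged

AUTOIT_IMAGES = {"autoit3.exe", "autoit3_x64.exe"}
SCRIPT_HOSTS = AUTOIT_IMAGES | {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Script argument that ends in a document extension: AutoIt run on a "PDF".
DOC_EXT_RE = re.compile(r'\.(pdf|docx?|xlsx?)"?\s*$', re.IGNORECASE)
# PowerShell started with a hidden window or an encoded command.
HIDDEN_PS_RE = re.compile(r'-(?:w(?:indowstyle)?\s+hidden|e(?:nc|ncodedcommand)?\s)', re.IGNORECASE)
# RMM tool named in the article; the installer file name below is a constructed sample.
RMM_HINTS = ("simplehelp",)

# Constructed sample telemetry: one infection chain plus benign AutoIt noise.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(1000, 1, "explorer.exe", r"C:\Windows\explorer.exe"),
    ProcEvent(1200, 1000, "autoit3.exe",
              r'C:\Users\user\AppData\Local\Temp\Transfer_Notice\AutoIt3.exe '
              r'"C:\Users\user\AppData\Local\Temp\Transfer_Notice\Transfer_Confirmation.pdf"'),
    ProcEvent(1300, 1200, "powershell.exe",
              "powershell.exe -WindowStyle Hidden -NoProfile -EncodedCommand SQBFAFgA"),
    ProcEvent(1400, 1300, "winword.exe", r'WINWORD.EXE /n "C:\Users\user\Documents\Transfer_Details.docx"'),
    ProcEvent(1500, 1300, "simplehelp_setup.exe", r"C:\ProgramData\simplehelp_setup.exe /S"),
    # Benign: an administrator running a real AutoIt script that calls cmd.
    ProcEvent(2000, 1000, "autoit3.exe", r"AutoIt3.exe C:\Tools\inventory.au3"),
    ProcEvent(2100, 2000, "cmd.exe", "cmd.exe /c ipconfig"),
]

def ancestry(pid: int, by_pid: Dict[int, ProcEvent]) -> str:
    """Render the parent chain of a process for the analyst, e.g. 'explorer.exe > autoit3.exe'."""
    chain: List[str] = []
    seen = set()
    cur: Optional[ProcEvent] = by_pid.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur.image)
        cur = by_pid.get(cur.ppid)
    return " > ".join(reversed(chain))

def detect_chain(events: List[ProcEvent]) -> List[str]:
    """Return one finding per event that matches a stage of the described chain."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    findings: List[str] = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        # Stage 1: AutoIt interpreter whose script argument is named like a document.
        if ev.image in AUTOIT_IMAGES and DOC_EXT_RE.search(ev.cmdline):
            findings.append(f"pid {ev.pid}: AutoIt script masquerading as a document [{ancestry(ev.pid, by_pid)}]")
        # Stage 2: hidden or encoded PowerShell spawned directly by AutoIt.
        if (ev.image == "powershell.exe" and parent is not None
                and parent.image in AUTOIT_IMAGES and HIDDEN_PS_RE.search(ev.cmdline)):
            findings.append(f"pid {ev.pid}: hidden PowerShell loader spawned by AutoIt [{ancestry(ev.pid, by_pid)}]")
        # Stage 3: RMM tool installed by a scripting host rather than by an installer or admin session.
        if (parent is not None and parent.image in SCRIPT_HOSTS
                and any(h in ev.image for h in RMM_HINTS)):
            findings.append(f"pid {ev.pid}: RMM tool '{ev.image}' launched by {parent.image} [{ancestry(ev.pid, by_pid)}]")
    return findings

if __name__ == "__main__":
    for line in detect_chain(SAMPLE_EVENTS):
        print(line)
```

Each rule on its own is a heuristic (administrators do run AutoIt, and an RMM agent may legitimately be pushed from PowerShell by a deployment script), so the value is in the combination: the three stages firing in one parent chain, with the interpreter and its script living under the user's Temp directory, is the pattern worth an alert, and a baseline of who normally installs remote-management tools in the environment keeps stage 3 quiet.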
AI-Generated Malware Code
What surprised cybersecurity experts was the evidence that the PowerShell backdoor was likely generated using AI tools. Check Point researchers noted that the attackers are using AI to accelerate malware development and standardize their code. This approach allows for more efficient, automated, and scalable social engineering attacks.
The use of AI in crafting malware highlights a growing trend in cybercrime: leveraging advanced technologies to enhance the sophistication and effectiveness of attacks. As AI tools become more accessible, experts warn that threat actors will continue to innovate, making detection and defense more challenging.
Check Point Research advises organizations, especially those in the blockchain and financial sectors, to remain vigilant, update their security protocols, and educate employees about the risks of spear-phishing and malicious attachments.
Source: CanalTech