BlackMamba Evading through AI polymorphic malware


BlackMamba is a proof-of-concept attack that uses AI technology as its engine. Researchers from HYAS Labs demonstrated the attack, which they call BlackMamba and which exploits a large language model (LLM).

This is the same kind of model that powers ChatGPT. Although ChatGPT will not direct you to malware-installing techniques and bugs, intruders have found ways around that.

BlackMamba uses the same techniques. It synthesizes its keylogging capability anew and executes it every time it runs.

“Traditional security solutions like endpoint detection and response (EDR) leverage multi-layer, data intelligence systems to combat some of today’s most sophisticated threats, and most automated controls claim to prevent novel or irregular behavior patterns,” the HYAS Labs researchers wrote. “But in practice, this is very rarely the case.”

BlackMamba: Systematic approach

According to HYAS Labs:

  • BlackMamba has a built-in keylogger designed to collect sensitive information from targeted devices. This includes usernames, passwords, and credit card numbers. 
  • Once collected, it sends the data to a malicious channel on Microsoft Teams.
  • From there, it can be transmitted to the dark web or other locations via secure encrypted channels while bypassing common firewalls and intrusion detection systems.

Proving BlackMamba’s credibility as a threat

The malware is said to be a silent disrupter. It was tested against EDR systems and was not detected.

  • First, the malware sample used intelligent automation in a way that required no C2 communication. The stolen data was made to reach a designated server via a legitimate communication channel such as Microsoft Teams.
  • Second, the researchers used AI code-generation techniques (OpenAI APIs) to dynamically synthesize new malware code during each run, making the malware polymorphic.
  • Furthermore, it uses the open-source Python package Auto-py-to-exe, which allows developers to convert Python code into standalone executable files with Windows, Linux, and macOS support.
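The behaviors listed above suggest a simple behavioral correlation for defenders. The sketch below is an added example, not code from HYAS Labs or the original article: it flags any process that contacts both an LLM API and a Teams endpoint without being an expected Teams client. The host names, the allowlist, and the event format are assumptions, and the sample events are constructed.

```python
import json
from collections import defaultdict

# Assumptions, not named in the article: the public OpenAI API host and the
# host suffix used by Microsoft Teams incoming webhooks.
LLM_API_HOSTS = {"api.openai.com"}
TEAMS_SUFFIXES = (".webhook.office.com",)
# Hypothetical allowlist of binaries expected to talk to Teams in this fleet.
EXPECTED_CLIENTS = {"ms-teams.exe", "teams.exe", "msedge.exe", "chrome.exe"}

# Constructed sample of per-process connection events (JSON lines).
SAMPLE_EVENTS = r"""
{"host": "WS-01", "pid": 4120, "image": "C:\\Users\\alice\\Downloads\\invoice_viewer.exe", "dest_host": "api.openai.com"}
{"host": "WS-01", "pid": 4120, "image": "C:\\Users\\alice\\Downloads\\invoice_viewer.exe", "dest_host": "contoso.webhook.office.com"}
{"host": "WS-01", "pid": 880, "image": "C:\\Program Files\\Teams\\ms-teams.exe", "dest_host": "teams.microsoft.com"}
{"host": "WS-02", "pid": 3000, "image": "C:\\Tools\\python.exe", "dest_host": "api.openai.com"}
{"host": "WS-03", "pid": 512, "image": "C:\\ops\\alertbot.exe", "dest_host": "contoso.webhook.office.com"}
"""

def classify(dest_host):
    """Map a destination host to the behavior it indicates, or None."""
    dest_host = dest_host.lower().rstrip(".")
    if dest_host in LLM_API_HOSTS:
        return "llm_api"
    if dest_host.endswith(TEAMS_SUFFIXES):
        return "teams"
    return None

def find_suspects(lines):
    """Return (machine, pid, binary) for processes showing both behaviors."""
    seen = defaultdict(set)  # (machine, pid, image path) -> behaviors observed
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        kind = classify(ev["dest_host"])
        if kind:
            seen[(ev["host"], ev["pid"], ev["image"].lower())].add(kind)
    suspects = []
    for (machine, pid, image), kinds in sorted(seen.items()):
        binary = image.rsplit("\\", 1)[-1]
        # Either behavior alone is common; the pair from one unexpected
        # binary matches the pattern the article describes.
        if kinds == {"llm_api", "teams"} and binary not in EXPECTED_CLIENTS:
            suspects.append((machine, pid, binary))
    return suspects

if __name__ == "__main__":
    for hit in find_suspects(SAMPLE_EVENTS.splitlines()):
        print("review:", hit)
```

Because the generated code changes on every run, a rule like this keys on what the process talks to rather than on file hashes or static signatures.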

Ending note

BlackMamba is proof of technological advancement and of masterminds who incorporate AI into cybercrime. AI malware has proven disastrous, as it cannot be detected and changes its code every time it is deployed.

Now is the time to replace outdated security procedures; adopting in-depth security procedures has become crucial for everyone with an online presence.

Author: PureVPN

Date: March 13, 2023
