Fake AI-themed documents used to spread malware

According to recent research, cybercriminals are exploiting the global interest in artificial intelligence to trick Windows users into downloading malware. In one of the identified campaigns, attackers distributed malicious files through an archive folder disguised as a useful AI technical guide.

According to the information, an archive titled “Agentic Coding with Claude Code, The everyday developer’s guide to agentic coding with Claude Code.7z” appears to be a safe document at first glance. However, once the archive is opened, a complex multi-stage attack chain consisting of hidden scripts is triggered on the system.

The attack begins when the victim opens a .lnk shortcut file located inside the archive. This file executes hidden commands using native Windows components such as cmd.exe and findstr and retrieves data from files named 3th.pdf and 4th.pdf. These files are not real PDF documents but are used as containers for storing malicious data.

At the next stage, a PowerShell script uses AES-CBC decryption to drop a secondary-stage script into the system’s AppData folder. This technique allows the malicious code to be transferred to the system in a difficult-to-read format. In the following stage, the malware attempts to add the entire C:\ drive and PowerShell.exe to Microsoft Defender’s exclusion list. As a result, the built-in antivirus mechanism is made less capable of detecting the attack.

The attackers also abuse AutoHotkey.exe by disguising it as a legitimate Realtek audio service. This step helps the malicious activity blend into the system processes. Afterwards, the malware uses the process hollowing technique to create a legitimate .NET process in a suspended state and inject malicious code into its memory space. This method prevents the malicious file from being stored on disk and increases the likelihood of evading static file scanning.

At the same time, readable decoy documents titled “AI-Ready PostgreSQL 18” or “A Guide for Thinking Marketers in the Age of AI” are displayed to the user. These documents create the impression that the downloaded file is safe and help conceal the malicious operations running in the background.

According to the research, the attack infrastructure is specifically designed for stealthy payload delivery and long-term remote access. The attack chain is split into two separate branches, resulting in the deployment of two different Remote Access Trojans on the system. One branch launches a modular .NET client with surveillance capabilities, while the other deploys the AsyncRAT malware.

Both malicious tools allow attackers to monitor the user’s desktop, track mouse movements and upload basic system information to command-and-control servers. It is noted that domains such as shampobiskworld.nl were also used in the infrastructure associated with the attack.

During the investigation, traces of automated assistance were also identified in the scripts. The intermediate PowerShell scripts make extensive use of Simplified Chinese variable names, while the code also contains an unedited Chinese comment line and a random emoji. These indicators suggest that the overall attack logic may have been designed by human operators, while generative AI tools could have been used to accelerate the code-writing process.

Experts state that this type of attack may appear simple and non-suspicious at individual stages, but the combined execution of these stages creates a serious security risk. Therefore, organisations are advised to monitor suspicious scheduled tasks, avoid opening unexpected shortcut files and exercise caution when downloading archives from unverified sources.