AI-Generated Malware Used in Targeted Phishing Attack on German Companies
• A threat actor used an AI-generated PowerShell script to distribute the Rhadamanthys infostealer malware in a phishing campaign targeting organizations in Germany.
• The attack has been attributed to the initial access broker TA547, also known as Scully Spider, which has been active since 2017.
• The malware was distributed via emails impersonating the German cash-and-carry brand Metro, using invoices as a lure.
• Researchers believe the PowerShell script was created with an AI assistant like ChatGPT, due to its atypical structure and comments.
• There are signs that threat actors are increasingly leveraging AI to improve phishing campaigns, vulnerability scans, social engineering, and evasion techniques.