216.73.217.64

New Arsenal: LAMEHUG, the First AI-Powered Malware

· Published 07/08/2025 11:20 · Modified 07/08/2025 22:22

Export JSON

Essential information

Published
07/08/2025 11:20
Modified
07/08/2025 22:22
Tags
2025-08-07 ai-powered malware data exfiltration hugging face api lamehug phishing python reconnaissance ukraine
Related entities
1 intrusion sets (apt), 3 others

Description

APT28, a Russian threat group, has developed , a -based malware that utilizes AI to generate and execute system commands. This malware, targeting 's security and defense sector, begins with a email containing a malicious attachment. employs the Qwen 2.5-Coder-32B-Instruct model via to translate text instructions into system commands. It performs system , data theft, and exfiltration using AI-generated commands. The malware collects system information, searches for documents, and exfiltrates data via SFTP or HTTP POST requests. Multiple variants of have been identified, each with different methods. This marks a significant evolution in malware capabilities, incorporating large language models to enhance attack flexibility and sophistication.

External references