#
Hashtag
#LAMEHUG

Alert: APT28 exploits Microsoft Office CVE-2026-21509 to deploy LAMEHUG malware using large language models. Update your systems and stay vigilant. #CyberSecurity #APT28 #LAMEHUG #MicrosoftOffice Link: thedailytechfeed.com/apt28-exploi...

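[Latest for 2026] AI malware "LAMEHUG" has appeared! 5 countermeasures beginners should take right now. Have you been hearing about "AI malware" in the news lately and started to feel a little scared? In fact, since 2025 the world of cyberattacks has begun to change in a big way. Right now, things are getting dangerous if we don't know about this... that's the story […]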

The threat of AI.

A new world is coming.

AI starts launching cyberattacks!?

Please take a look.

#LAMEHUG #AIマルウェア #2026年 #ニュース


LAMEHUG reportedly leverages LLMs to convert prompts into tailored payloads, increasing evasive social-engineering content and undermining signature-based controls; defenders should prioritize behavioral detection and prompt-origin telemetry. #LAMEHUG #LLM #AIsecurity https://splk.it/3VEKtbd


Dynamic Command Generation by LLM Based LAMEHUG Malware for Reconnaissance and Data Theft
A sophisticated new malware family dubbed LAMEHUG has emerged as the first known threat to weaponize arti...

#Cyber #Security #News #LAMEHUG #malware

ALT: a computer screen that says "you became victim of the petya ransomware"

Data theft: New malware has AI generate commands at runtime - Golem.de
www.golem.de/news/datendi... #Malware #Lamehug #KI


Data theft: New malware has AI generate commands at runtime - Golem.de
www.golem.de/news/datendiebstahl-neue... #Malware #Lamehug #KI

AI-Powered Malware ‘LameHug’ Attacks Windows PCs via ZIP Files

Cybersecurity researchers have discovered a new and alarming trend in the world of online threats: "LameHug". This malicious program stands out because it uses artificial intelligence, notably large language models (LLMs) built by companies such as Alibaba.

LameHug, unlike classic viruses, can generate its own instructions and commands, making it a more adaptive and potentially difficult-to-detect adversary. Its primary goal is to infiltrate Windows-based personal PCs and then take valuable data surreptitiously.

The malicious program typically begins its infiltration camouflaged as ordinary-looking ZIP files. These files are frequently sent via fraudulent emails that seem to come from legitimate government sources. When a user opens the seemingly innocent archive, the hidden executable and Python files inside begin to work. The malware then collects information about the affected Windows PC.

Following this first reconnaissance, LameHug actively looks for text documents and PDF files stored in popular computer directories before discreetly transferring the obtained data to a remote web server. Its ability to employ AI to write its own commands makes it exceptionally cunning in its actions.

LameHug was discovered by the Ukrainian national cyber incident response team (CERT-UA). Their investigation points to the Russian cyber group APT028 as the most likely source of this advanced threat. The malware is written in Python and uses Hugging Face's programming interfaces. These interfaces, in turn, are powered by a special Alibaba Cloud language model known as Qwen-2.5-Coder-32B-Instruct LLM, demonstrating the complex technological foundation of this new digital weapon.

LameHug's arrival marks the first instance of malicious software being observed to use artificial intelligence to produce its own executable commands. Existing security software, which is often made to identify known attack patterns, has significant challenges as a result of these capabilities. The ongoing and intensifying arms race in the digital sphere is highlighted by this breakthrough as well as the mention of other emerging malware, such as "Skynet," that may elude AI detection techniques.

AI-Powered Malware ‘LameHug’ Attacks Windows PCs via ZIP Files #ArtificialIntelligence #BusinessSecurity #LameHug

Original post on mastodon.online

#KIMissbrauch

With #Lamehug, #Malware has appeared for the first time that actively uses an AI language model to generate malicious code.

The malware accesses the #Alibaba LLM #Qwen via an API to generate targeted espionage code on infected #Windows machines […]

LameHug Malware Crafts Real-Time Windows Data-Theft Commands Using AI LLM

LameHug, a novel malware family, generates commands for execution on compromised Windows systems using a large language model (LLM).

The assaults were attributed to Russia-backed threat group APT28 (also known as Sednit, Sofacy, Pawn Storm, Fancy Bear, STRONTIUM, Tsar Team, and Forest Blizzard) after LameHug was identified by Ukraine's national cyber incident response team (CERT-UA). Written in Python, the malware communicates with the Qwen 2.5-Coder-32B-Instruct LLM via the Hugging Face API, which allows it to generate commands in response to prompts.

Alibaba Cloud developed the LLM, which is open-source and designed to produce code, reason, and follow coding-focused instructions. It can translate natural language descriptions into executable code (in several languages) or shell commands. CERT-UA discovered LameHug after receiving reports on July 10 of malicious emails received from hacked accounts impersonating ministry officials and attempting to disseminate malware to executive government organisations. The emails include a ZIP attachment that contains a LameHug loader. CERT-UA identified at least three variants: 'Attachment.pif', 'AI_generator_uncensored_Canvas_PRO_v0.9.exe', and 'image.py'.

With a medium degree of confidence, the Ukrainian agency links this action to the Russian threat group APT28. In the reported attacks, LameHug was tasked with carrying out system reconnaissance and data theft directives generated dynamically by the LLM. LameHug used these AI-generated instructions to gather system information and save it to a text file (info.txt), recursively search for documents in critical Windows directories (Documents, Desktop, Downloads), then exfiltrate the data over SFTP or HTTP POST.

LameHug is the first publicly known malware that uses an LLM to carry out the attacker's duties. From a technical standpoint, this could signal a new attack paradigm in which threat actors can modify their techniques throughout a compromise without requiring new payloads.

Furthermore, employing Hugging Face infrastructure for command and control may help to make communication more stealthy, allowing the intrusion to remain undetected for a longer period of time. The malware can also avoid detection by security software or static analysis tools that search for hardcoded commands by employing dynamically generated commands. CERT-UA did not specify if LameHug's execution of the LLM-generated commands was successful.

LameHug Malware Crafts Real-Time Windows Data-Theft Commands Using AI LLM #DataTheft #LameHug #LLM


Cato CTRL™ Threat Research: Analyzing LAMEHUG | Cato Networks

www.catonetworks.com/blog/cato-ctrl-threat-re...


CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
Jul 18, 2025 | Ravie Lakshmanan | Cyber Attack / Malware
The Computer Emergency Response Team of Ukraine (CERT-UA)...

#Cyber #Security #APT28 #Campaign #CERTUA #Discovers #LAMEHUG […]

[Original post on zephyrnet.com]


CERT-UA uncovers LAMEHUG malware, an AI-powered threat linked to APT28, using LLMs for dynamic command generation. Stay vigilant! #CyberSecurity #APT28 #LAMEHUG #AIThreats Link: thedailytechfeed.com/cert-ua-unco...
