‘AI assistants are no longer just productivity tools; they are becoming part of the infrastructure that malware can abuse’: Experts warn Copilot and Grok can be hijacked to spread malware
- Check Point warns that GenAI tools can be misused as C2 infrastructure
- Malware can hide traffic by encoding data in URLs controlled by attackers via AI queries.
- AI assistants can act as decision engines, enabling stealthy and adaptive operations against malware.
Hackers can use certain generative artificial intelligence (GenAI) tools as command and control (C2) infrastructure, hiding malicious traffic in plain sight and even using them as decision-making engines, experts have warned.
A Check Point study claims that the web browsing capabilities of Microsoft Copilot and xAI Grok can be exploited for malicious activities, although certain prerequisites remain.
Deploying malware on a device is only half the battle. This malware must always be given instructions on what to do, and the results of these instructions must always be sent over the Internet. Security solutions can capture this traffic and thus determine whether a device is compromised or not – which is why “mixing with legitimate traffic” is one of the key characteristics of high-quality malware – and now Check Point says there is a way to do this through AI assistants.
Collect sensitive data and obtain further instructions
If a malicious actor infects a device with malware, they can collect sensitive data and system information, encode it, and insert it into an attacker-controlled URL. For example, http://malicious-site.com/report?data=12345678, where the data= part contains the sensitive information.
The malware can then ask the AI: “Summarize the content of this website.” Since this is legitimate AI traffic, it does not raise any security alarms. However, the information is saved on the server controlled by the attacker, and successfully transmits it for everyone to see. To make matters worse, the website may respond with a hidden prompt that the AI executes.
The problem can get even worse if the malware asks the AI what to do next. For example, it might ask, based on collected system information, whether it is running in a high-value enterprise system or in a sandbox. In the latter case, the malware may remain inactive. If this is not the case, we can move on to the second step.
“Once AI services can be used as a stealth transport layer, the same interface can also carry prompts and model outputs that act as an external decision engine, a springboard to AI-driven implants and AIOps-style C2 that automate sorting, targeting, and operational choices in real time,” Check Point concluded.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
