Russian Malware Takes a New Step Using Real-Time LLM Commands

July 24, 2025


Russian malware discovered by Ukraine’s national cyber response team has looped in an Alibaba chatbot that allows commands to be executed on compromised systems in real-time, something that could confound automated detection capabilities going forward.

While it’s not yet time to panic about any sort of AI malware apocalypse, a new development demonstrates that the world’s most sophisticated hackers are at least experimenting with making LLMs a part of their repertoire.

This is not yet a common technique; the first and only perpetrator is thought to be the notorious “Fancy Bear” group backed by Russia’s GRU intelligence unit, the team behind some of the worst and most brazen attacks of the past decade. The Ukrainian researchers would also not say how successful the Russian malware was at actually making its commands work. But this use of an LLM does appear to be a viable direction for attackers to develop in the near future, potentially saving them the trouble of introducing new payloads to a compromised system and giving them the ability to dodge security software that keeps an eye out for static commands.

The early stages of LLM integration with malware

Though LLMs with at least the theoretical capability of producing malware have been available for years now, they have yet to become the devastating tool that inspired fear when ChatGPT first became available. Thus far there has been some limited ability to create simple malware such as a ransomware script or a Windows keylogger, usually with some “manual assistance” after the fact by a professional. More recently, a sample was found that contains instructions meant to be executed by any LLM that reads it. But none of these is sophisticated, nor would it really assist a novice who did not know what they were doing.

Though we don’t know how effective it was, the Russian malware at least appears to be the most sophisticated tool of this type yet. Called “LameHug” for its use of the Hugging Face API, it accesses the Qwen 2.5-Coder-32B-Instruct LLM (an Alibaba product) in real time directly from the compromised system. This allows it both to adapt tactics on the fly without additional payload delivery and to vary its commands and actions to evade automated security software that scans for fixed strings and patterns. It does not appear to assist with the initial compromise portion of the breach, but could prove a powerful tool for stealth once inside if it works as advertised.

Russian malware caught as hackers tried to impersonate Ukraine officials

Unsurprisingly, given Fancy Bear’s recent activity, the new Russian malware was uncovered on July 10 when the hackers attempted to send phishing messages purporting to be from the Ukraine Cabinet of Ministers. The researchers say that LameHug was able to rifle through key Windows directories recursively, target and exfiltrate document file types via SFTP or HTTP POST requests, and save system information to a text file.

It is unclear how extensive the compromise was in these attacks, but the new Russian malware provides at least an indicator of what to expect from the incorporation of AI and LLMs into hacking attempts. At minimum, malware detection tools that rely on scanning for hardcoded commands may become outmoded should this technique catch on and become sufficiently refined.
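Because the evasion described above works by having the model generate commands at runtime, a defender’s counterpart is to correlate behaviour rather than match strings: the LLM call followed by a shell spawn is the stable pattern even when every command differs. The following Python is an added example, not code from the Ukrainian researchers or from this article; the Hugging Face hostname, the telemetry format and all sample events are constructed assumptions.

```python
"""Behavioural correlation for LLM-driven malware.

Signature scanning for fixed command strings misses LameHug-style tooling because
the commands are produced by the model at runtime. What does not change is the
loop itself: a process contacts an LLM inference endpoint, then within seconds
spawns a shell to run whatever came back. This correlates the two on constructed
endpoint telemetry.
"""
from collections import defaultdict
from datetime import datetime

# Hosts treated as LLM inference endpoints. The Hugging Face hostname is an
# assumption made for this example; extend it with the providers you observe.
LLM_HOSTS = {"api-inference.huggingface.co"}
SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed sample telemetry: (ISO timestamp, event kind, pid, detail).
# "net" carries the destination host; "proc" carries the spawned command line.
EVENTS = [
    ("2025-07-10T09:00:01", "net", 4120, "api-inference.huggingface.co"),
    ("2025-07-10T09:00:04", "proc", 4120, "cmd.exe /c dir /s /b C:\\Users\\*.docx"),
    ("2025-07-10T09:00:09", "net", 4120, "api-inference.huggingface.co"),
    ("2025-07-10T09:00:12", "proc", 4120, "powershell.exe Get-ComputerInfo > info.txt"),
    ("2025-07-10T09:01:00", "net", 7000, "updates.example.invalid"),  # ordinary updater
    ("2025-07-10T09:01:02", "proc", 7000, "cmd.exe /c dir /s"),
    ("2025-07-10T10:30:00", "net", 8800, "api-inference.huggingface.co"),  # IDE assistant, no shell
]


def correlate(events, window_s=60):
    """Return {pid: [(llm_call_time, command_line), ...]} for processes that
    spawn a shell within window_s seconds of contacting an LLM endpoint."""
    last_llm_call = {}  # pid -> time of its most recent LLM endpoint contact
    hits = defaultdict(list)
    for ts, kind, pid, detail in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if kind == "net" and detail in LLM_HOSTS:
            last_llm_call[pid] = t
        elif kind == "proc" and detail.split()[0].lower() in SHELLS:
            seen = last_llm_call.get(pid)
            if seen is not None and (t - seen).total_seconds() <= window_s:
                hits[pid].append((seen.isoformat(), detail))
    return dict(hits)


if __name__ == "__main__":
    for pid, chain in correlate(EVENTS).items():
        print(f"pid {pid}: {len(chain)} LLM-call -> shell-spawn sequences")
        for when, cmd in chain:
            print(f"  after LLM call at {when}: {cmd}")
```

Only pid 4120 is reported: the updater that spawns a shell never touched an LLM host, and the assistant that touched an LLM host never spawned a shell.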