
For the first time, the modern cyber landscape has encountered viruses that actively use artificial intelligence (AI) to modify their own code and bypass traditional security systems. Experts in the IT industry and cybersecurity are sounding the alarm: technologies have changed, and classical defensive methods urgently need updating. Details can be found in the Izvestia article.

New generation viruses: how malicious code mutates under the influence of AI

Malware using AI gets new opportunities to bypass traditional antivirus systems due to the ability to constantly change its code, according to Google. One of these viruses, PromptFlux, regularly accesses the Gemini cloud service via the API in order to rewrite its structure and remain unnoticed.

Although this method is still in the testing stage, practical examples already exist. For example, PromptSteal disguises itself as an image generator and secretly executes commands to collect confidential data from computers. And QuietVault, after infiltrating the server, uses the AI tools installed there to steal passwords, encryption keys, and other secrets.


New viruses turn to cloud-based AI services, disguise themselves as harmless programs, and use advanced tools to circumvent restrictions. For example, attackers experiment with a variety of commands for neural networks, disguising themselves as students writing reports or participating in competitions.

Technology turns malware into living systems that can change their "appearance" in real time.

Google analysts warn that such activity is gaining momentum and becoming a widespread phenomenon in many countries.

Izvestia sent inquiries to Roskomnadzor and the Federal Customs Service of Russia.

How to distinguish a "smart" virus from a regular one: signs and behavior

Experts note a new level of adaptability of malware and the difficulty of detecting it. According to Anastasia Khveschenik, product manager of Solar WebProxy, conventional antiviruses cannot cope with them, as they work according to the principle of known threat databases. But sandboxes and modern traffic analysis systems can detect suspicious activity: increased outbound traffic, access to strange domains, and anomalies in DNS queries.

Christian Oleinik, a pre-sales technical expert at the Softline Solutions Network Security Competence Center, adds that "smart" viruses change the behavior and structure of their code, create temporary scripts and simulate system processes. They regularly access unknown domains and APIs, which indicates the automatic processing of malicious functionality.
The expert emphasizes that traditional signature-based detection methods are useless here, because the viruses adapt to what the protection expects, look "clean" and require real behavioral analysis.


Andrey Mishukov, CEO of iTProtect, says that neurocyberattacks have no direct, unambiguous signs. A smart virus can be recognized by indirect anomalies: chaotic but targeted network traffic, an unexpected increase in memory and processor load for no apparent reason, and repeated intrusion attempts with altered behavior.

Such viruses "live" inside the system, constantly evolving to remain in the shadows.

Domestic industry readiness and preventive measures

The Russian IT sector is actively responding to the challenges of a new wave of cyber attacks. Stanislav Yezhov, Director of AI at the Astra Group, explains that domestic antiviruses already use AI to analyze malware behavior, and the Astra Linux system provides an additional level of protection, limiting the execution of dangerous commands even if a virus gets in.

He recommends simple but effective steps: enabling two-factor authentication, using Russian antivirus solutions with regular updates, and monitoring the hosts file to detect fake addresses.


According to Dmitry Ovchinnikov, UserGate information security architect, modern domestic antiviruses with heuristic analysis are able to detect new viruses by their behavior, even if their code is constantly changing. The main thing is to have up-to-date databases and adhere to digital hygiene.

Ruslan Martianov, head of TrueConf's Technical support department, emphasizes the need to switch from classical methods to behavioral analysis and the use of security systems that monitor network traffic and abnormal requests to AI services. He makes a powerful analogy: fighting AI viruses is like playing chess with an opponent who changes the rules during the game.

Gleb Popkov, a senior researcher at NSU, notes that methods for controlling next-generation viruses include heuristic analysis, sandboxes, behavioral monitoring, and separation of software environments, as implemented in Astra Linux. Popkov stresses that domestic solutions, such as Comodo Internet Security, are already able to effectively counter such threats.

How can ordinary users and companies protect themselves from AI viruses

Despite the complexity of the threat, there are clear and accessible recommendations. Ruslan Rakhmetov, CEO of Security Vision, draws attention to the fact that the consequences of attacks with AI viruses are similar to the classic ones - data theft, extortion and encryption.

"Viruses disguise themselves and use stolen or purchased API keys to generate code on the fly," he says.


EDR/XDR-class security solutions help to identify the final actions of malware from its sequence of actions, and prevention includes checking file sources and digital signatures.

Roman Safiullin, Head of Information Security at InfoWatch ARMA, recommends that businesses closely monitor API requests for language models and use application control mechanisms.

"Classic rules are important for all users: timely software updates, careful online behavior, and distrust of unknown sources," the expert emphasized.
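
The recommendation above to monitor API requests to language models and apply application control can be sketched as a simple detection pass over egress records; this is an added example, not code from the article or from any vendor it quotes. The log format, the allowlist, and the sample records are constructed assumptions, and the hostname list is illustrative rather than complete.

```python
import csv
import io

# Public LLM API hostnames to watch (illustrative, not exhaustive).
LLM_API_HOSTS = {
    "generativelanguage.googleapis.com",  # Gemini API
    "api.openai.com",
    "api.anthropic.com",
}
# Hypothetical application-control allowlist of binaries approved to call LLM APIs.
APPROVED_CLIENTS = {r"c:\program files\acme\assistant\assistant.exe"}
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "/tmp/")

# Constructed sample: egress-proxy records joined with endpoint process data.
SAMPLE_LOG = r"""ts,host,process,signed,dest_host
2025-01-10T09:00:01Z,ws-014,C:\Program Files\Acme\Assistant\assistant.exe,yes,api.openai.com
2025-01-10T09:02:17Z,ws-022,C:\Users\anna\AppData\Local\Temp\imggen.exe,no,generativelanguage.googleapis.com
2025-01-10T09:03:40Z,srv-03,/usr/bin/curl,yes,updates.example.com
2025-01-10T09:05:02Z,srv-03,/tmp/.cache/helper,no,api.anthropic.com
2025-01-10T09:07:55Z,ws-031,C:\Program Files\Browser\browser.exe,yes,api.openai.com
"""


def is_llm_host(dest):
    """True if dest is a watched LLM API host or a subdomain of one."""
    dest = dest.lower().rstrip(".")
    return any(dest == h or dest.endswith("." + h) for h in LLM_API_HOSTS)


def find_suspicious_llm_calls(log_text):
    """Return (host, process, dest_host, reasons) for LLM API calls that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text.strip())):
        if not is_llm_host(row["dest_host"]):
            continue
        proc = row["process"].lower()
        reasons = []
        if proc not in APPROVED_CLIENTS:
            reasons.append("process not approved for LLM API use")
        if row["signed"] != "yes":
            reasons.append("unsigned binary")
        if any(part in proc for part in USER_WRITABLE):
            reasons.append("runs from user-writable path")
        if reasons:
            findings.append((row["host"], row["process"], row["dest_host"], reasons))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_llm_calls(SAMPLE_LOG):
        print(finding)
```

Each finding carries its reasons, so a signed but unapproved program reaching an LLM API is ranked lower than an unsigned binary doing so from a temporary directory.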

Translated by the Yandex Translate service
