In a telling view of the future, researches at IBM released a video showcasing their new malware “DeepLocker” which uses an AI to fuel its attacks and is designed to hunt a singular victim. DeepLocker uses the processing power granted to it by its AI to get around, remove, or repurpose anti-malware programs; DeepLocker represents another threat in that it also appears harmless until it activates, whereupon it rewrites itself into a more dangerous program. DeepLocker has the capability to coast through secure systems by getting into communication programs such as video conferencing abilities, and then it uses sophisticated techniques like face and voice recognition to find its target; DeepLocker may also use geolocation, social media, and other sources of information to find its chosen prey. This evolution once the target is found makes DeepLocker hard or impossible to detect and, more importantly, decrypt. Even if it was caught before turning into its final form, the pre-attack DeepLocker wouldn’t reveal its secrets as the attack vector is created as DeepLocker goes after its target. DeepLocker is primarily seen as a controller for other malware, such as WannaCry; DeepLocker strips away the code and telltales that would give away the well-known WannaCry ransomware and guides this stripped down version towards its target. Once the victim is identified it reassembles WannaCry into a usable state and launches the attack. DeepLocker allows for the creation of targeted malware attacks with a precision that has been unheard of.
Source: Researchers Developed Artificial Intelligence-Powered Stealthy Malware
The U.S. Department of Homeland Security, through US-CERT, issued an analysis of the KEYMARBLE, which is a remote access trojan that has been attributed to the North Korean cyber group “Hidden Cobra.” KEYMARBLE allows the attacker to gain access to what the infected device is displaying, as well as executing commands and extracting data. This is on top of the standard ability to modify the infected device’s registry and pull files onto the device. KEYMARBLE isn’t the only malware that’s been attributed to Hidden Cobra recently, with the FBI and DHS also laying the blame for “Typeframe”, “Joanap”, and “Brambul.” The DHS has also taken a more aggressive stance and has stated that it will move from its previously reactive role of just reporting malware and how to deal with it to actively seeking out the creators and exposing them. This more active shift is in line with the U.S. move towards better cyber defence.
Source: US-CERT issues malware analysis on KEYMARBLE RAT, attributes threat to North Korea