EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
September 29, 2025 – Published on The Hacker News
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to covertly slip in malware for future attacks on organizations worldwide.
Manufacturing, government, healthcare, technology, and retail are some of the top sectors affected by the attacks, with India, the U.S., France, Italy, Brazil, Germany, the U.K., Norway, Spain, and Canada emerging as the regions with the most infections, indicating a global spread.
What’s significant about the campaign is the lengths to which the attackers have gone to make these apps appear authentic and ultimately carry out a slew of nefarious activities in the background once installed, without raising any red flags. The deception is further enhanced by the use of signing certificates from disposable companies, as older signatures are revoked.
And that’s not all. GuidePoint Security recently uncovered more digitally signed binaries that masquerade as calendar and image viewer tools, and make use of the NeutralinoJS desktop framework to execute arbitrary JavaScript code and siphon sensitive data. These applications deploy the original TamperedChef malware, which was first attributed to a malicious recipe application that’s configured to set up a stealthy communication channel with a remote server and receive commands that facilitate data theft.