Researchers have created a malware prototype that “mimics the adaptability of biological viruses,” leveraging artificial intelligence (AI) to adapt, evade detection, make decisions, and take advantage of the state of a compromised system.
“This malware isn’t just a program—it is an adaptive entity with evolving strategies, making it an ever-present, dynamic threat,” HYAS researchers said in a novel study published on August 2.
Unlike classic malware, this AI-driven malware — named EyeSpy — is polymorphic and can “dynamically synthesize its capabilities.” This raises unprecedented questions for the global cybersecurity community.
According to Jeff Sims, principal security engineer at HYAS, EyeSpy was created by combining “CSharpCodeProvider Class, Reflection, prompt chaining, and generative AI.”
Dynamism and Evasion: EyeSpy’s Strengths
In March, Sims spoke to VPNOverview about BlackMamba, an AI-generated polymorphic malware that can evade modern security systems. However, EyeSpy surpasses its predecessor, as it can not only avoid detection but also make decisions autonomously.
“This is a whole different animal than BlackMamba. The only thing they share in common is the polymorphism from GPT,” Sims said.
EyeSpy’s adaptable nature means that its behavior and capabilities can alter with each execution, leaving minimal footprints on the host system. “It leverages the CSharpCodeProvider class for in-memory compilation, allowing it to generate and execute code without writing to disk,” HYAS said.
An accompanying video brief by HYAS demonstrated EyeSpy’s real-time capabilities. The malware waits for users to interact with specific processes, such as Zoom, which triggers EyeSpy to generate malicious code for specific purposes, like capturing microphone audio.
The malware “uses artificial intelligence to make informed decisions and synthesize its capabilities as needed to conduct cyberattacks and continuously morph to avoid detection,” HYAS noted.
Sims shared some of the key, novel functions of EyeSpy:
- Observe & Reason: The agent observes its environment, interprets various system states, and makes informed decisions based on this knowledge.
- Evolve & Adapt: The cognitive threat agent transforms its decisions into executable code in real time. It combines generative AI and advanced programming techniques, such as in-memory compilation and reflection, to continuously adapt to its environment.
- Learn & Correct: The agent assimilates feedback from executed actions and learns how to refine its capabilities.
- Evade & Strike: Cognitive threat agents possess advanced evasion capabilities that make it difficult for modern security solutions to detect their attacks.
Implications for the Cybersecurity Landscape
Given the sophisticated nature of EyeSpy, traditional security mechanisms might be unable to detect and defend against such threats. According to HYAS, EyeSpy’s dynamic code synthesis during runtime and its primary operation within memory space make it elusive.
With the emergence of threats like EyeSpy, cybersecurity defenses must evolve to counter such intelligent threats. Organizations and individuals need to be proactive in their cybersecurity efforts. As the landscape shifts, staying updated about the latest threats and protective measures is more crucial than ever.
We recommend you keep your software updated to the latest versions, invest in advanced threat protection solutions and cybersecurity training, and be cautious of phishing emails or links from an unknown sender, even if they seem legitimate.
Note: As noted by HYAS, EyeSpy is “non-weaponized,” meaning that it is a concept created purely for cybersecurity defense and research purposes.
