Malware’s Rising Tide: New Worms and Trojans Target AI and IoT

A new generation of self-replicating malware is exploiting AI development kits, open-source repositories, and vulnerable IoT devices, signaling a shift toward more automated and cross-platform attacks. Security researchers have identified several campaigns leveraging trojanized packages, stealthy Android trojans, and botnets capable of rapid vulnerability exploitation.

When AI Tools Become Attack Vectors

A trojanized version of the popular ai-sdk-ollama package has been observed delivering Miasma, a self-replicating npm worm. The attack abuses binding.gyp, a build configuration file, to embed malicious code that spreads through compromised development environments. Meanwhile, a variant of the Gafgyt botnet, dubbed C0XMO, is expanding its reach by exploiting cross-platform vulnerabilities, targeting both Linux and Windows systems.
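
An added example, not taken from the campaign analysis or from any project named here: a Python audit that lists packages under node_modules whose binding.gyp contains gyp command expansions (`<!(...)` or `<!@(...)`) and marks those where npm runs `node-gyp rebuild` by default because no install or preinstall script is declared. The page does not say how binding.gyp was abused, so this check is an assumption about where to look; the function names, sample package names and allowlist are constructed.

```python
import json, re, tempfile
from pathlib import Path

# gyp executes the text inside <!(...) or <!@(...) as a command while reading the file.
EXPANSION = re.compile(r"<!@?\(")
# Constructed allowlist (assumption): the usual nan / node-addon-api header lookups.
BENIGN = re.compile(r"""^node -[pe] "require\('(nan|node-addon-api)'\)(\.\w+)?"$""")
# Constructed sample packages (hypothetical names): scripts block, expansion body.
SAMPLES = {
    "plain-addon": ({"install": "node-gyp rebuild"}, '''node -e "require('nan')"'''),
    "quiet-pkg": ({"test": "node test.js"}, "node lib/collect.js"),
}

def extract_commands(gyp_text):
    """Return each command-expansion body, matching parentheses by depth."""
    found = []
    for m in EXPANSION.finditer(gyp_text):
        depth, i = 1, m.end()
        while i < len(gyp_text) and depth:
            depth += {"(": 1, ")": -1}.get(gyp_text[i], 0)
            i += 1
        found.append(gyp_text[m.end():(i - 1 if depth == 0 else i)].strip())
    return found

def audit_package(pkg_dir):
    """Report what installing one package that ships binding.gyp would execute."""
    pkg = json.loads(Path(pkg_dir, "package.json").read_text(encoding="utf-8"))
    gyp = Path(pkg_dir, "binding.gyp").read_text(encoding="utf-8", errors="replace")
    return {
        "name": pkg.get("name", Path(pkg_dir).name),
        # No install/preinstall script: npm defaults install to `node-gyp rebuild`.
        "implicit_build": not ((pkg.get("scripts") or {}).keys() & {"install", "preinstall"}),
        "review": [c for c in extract_commands(gyp) if not BENIGN.match(c)],
    }

def audit_tree(root):
    dirs = [p.parent for p in Path(root).rglob("binding.gyp") if (p.parent / "package.json").is_file()]
    return sorted((audit_package(d) for d in dirs), key=lambda r: r["name"])

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, (scripts, cmd) in SAMPLES.items():
            pkg_dir = Path(tmp, "node_modules", name)
            pkg_dir.mkdir(parents=True)
            (pkg_dir / "package.json").write_text(json.dumps({"name": name, "scripts": scripts}))
            (pkg_dir / "binding.gyp").write_text('{"sources": ["<!(%s)"]}' % cmd)
        return audit_tree(tmp)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Call `audit_tree()` on a project root; an entry with `implicit_build` true and a non-empty `review` list is one whose binding.gyp should be read by hand before the next install.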

Android and IoT Under Siege

The NFCShare Android trojan demonstrates how attackers are refining mobile threats, using malicious APKs to steal sensitive data via NFC card interactions. On the IoT front, the JDY botnet has grown to over 400 nodes, enabling rapid exploitation of routers and small office/home office devices. Compromised AUR packages have also been weaponized, distributing infostealers and rootkits to unsuspecting users.

Defensive Measures Gain Ground

In response, security teams are turning to AI-assisted analysis tools like REMnux and vision-based detection frameworks such as ViPER to counter evolving malware tactics. Memory forensics techniques, including audio signal analysis for Android malware, are being explored to improve detection accuracy. Hybrid frameworks like NetGuard are also being tested to enhance malicious URL detection at scale.
With threat actors continuously adapting, the cybersecurity community faces the challenge of keeping pace with increasingly sophisticated and interconnected attack vectors.
Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.

